Skip to main content
CVE-2025-54916 HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54913 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54912 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54911 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54910 HIGH This Month

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Office +1
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-54908 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54907 HIGH This Month

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54906 HIGH This Month

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Microsoft Authentication Bypass 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54905 HIGH This Month

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-54904 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54903 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54902 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54900 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54899 HIGH This Month

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54898 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54897 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2025-54896 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54895 HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54894 HIGH This Month

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54248 HIGH This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-54108 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 11 24h2 Windows Server 2025 Microsoft
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54106 HIGH This Month

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54105 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 11 24h2 Windows Server 2022 23h2 +1
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54103 HIGH This Month

Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 21h2 +7
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-54102 HIGH This Month

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53802 HIGH This Month

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 21h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53801 HIGH This Month

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53800 HIGH This Month

No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-49734 HIGH This Month

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Powershell Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49692 HIGH This Month

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Azure Connected Machine Agent Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-9872 HIGH This Month

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2025-9712 HIGH This Month

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-55148 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
7.6
EPSS
1.8%
CVE-2025-55147 HIGH This Month

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-55145 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Neurons For Secure Access Connect Secure Policy Secure +1
NVD
CVSS 3.1
8.9
EPSS
0.4%
CVE-2025-55142 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2025-55141 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2025-52915 HIGH This Month

K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-9364 HIGH This Month

An open database issue exists in the affected product and version. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redis Factorytalk Analytics Logixai
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-9166 HIGH This Month

A denial-of-service security issue exists in the affected product and version. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Controllogix 5580 Firmware
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-9161 HIGH This Month

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Factorytalk Optix
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-9160 HIGH This Month

A code execution security issue exists in the affected product. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-9065 HIGH This Month

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell SSRF Thinmanager
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-8008 HIGH This Month

A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 1756 En2Tr Series A Firmware 1756 En2Tr Series B Firmware 1756 En2Tr Series C Firmware 1756 En4Tr Firmware +1
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-8007 HIGH This Month

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 1756 En2Tr Series A Firmware 1756 En2Tr Series B Firmware 1756 En2Tr Series C Firmware 1756 En4Tr Firmware +1
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-7970 HIGH This Month

A security issue exists within FactoryTalk Activation Manager. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Factorytalk Activation Manager
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-7350 HIGH This Month

A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-48208 HIGH This Month

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LDAP Code Injection Apache Hertzbeat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-24404 HIGH This Month

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Apache Hertzbeat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59018 HIGH PATCH This Month

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Typo3
NVD
CVSS 4.0
7.1
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy