Skip to main content
CVE-2025-10199 HIGH This Month

A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sunshine Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10198 HIGH This Month

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sunshine Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-57540 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtual Environment
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57539 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtual Environment
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57538 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 allows an authenticated user to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtual Environment
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57087 HIGH POC This Month

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57072 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57071 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57070 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57069 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57064 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57063 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57062 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57061 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57059 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57058 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57057 HIGH POC This Month

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55317 HIGH This Month

Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Autoupdate
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55316 HIGH This Month

External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Connected Machine Agent
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55245 HIGH This Month

Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xbox Gaming Services
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55243 HIGH This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Officeplus
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55236 HIGH This Month

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +7
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55234 HIGH This Month

SMB Server might be susceptible to relay attacks depending on the configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-55232 CRITICAL This Week

Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Hpc Pack
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-55228 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55227 HIGH This Month

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-55226 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Race Condition Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-55225 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55224 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55223 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54919 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-54918 HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-54917 MEDIUM Monitor

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54916 HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54915 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-54913 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54912 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54911 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54910 HIGH This Month

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Office +1
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-54908 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54907 HIGH This Month

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54906 HIGH This Month

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Microsoft Authentication Bypass 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54905 HIGH This Month

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-54904 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54903 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54902 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54901 MEDIUM This Month

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-54900 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54899 HIGH This Month

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54898 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy