Skip to main content
CVE-2025-54897 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2025-54896 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54895 HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54894 HIGH This Month

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54261 CRITICAL This Week

ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Coldfusion
NVD
CVSS 3.1
10.0
EPSS
2.0%
CVE-2025-54252 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54250 MEDIUM Monitor

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-54248 HIGH This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-54247 MEDIUM This Month

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-54108 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 11 24h2 Windows Server 2025 Microsoft
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54107 MEDIUM Monitor

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54106 HIGH This Month

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54105 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 11 24h2 Windows Server 2022 23h2 +1
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54104 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54103 HIGH This Month

Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 21h2 +7
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-54102 HIGH This Month

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54101 MEDIUM Monitor

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-53802 HIGH This Month

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 21h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53801 HIGH This Month

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53800 HIGH This Month

No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53799 MEDIUM This Month

Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53798 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53797 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53796 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49734 HIGH This Month

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Powershell Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49692 HIGH This Month

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Azure Connected Machine Agent Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47997 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9872 HIGH This Month

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2025-9712 HIGH This Month

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-8712 MEDIUM This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Neurons For Secure Access Connect Secure Policy Secure +1
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2025-8711 MEDIUM This Month

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-55148 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
7.6
EPSS
1.8%
CVE-2025-55147 HIGH This Month

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-55146 MEDIUM Monitor

An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2025-55145 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Neurons For Secure Access Connect Secure Policy Secure +1
NVD
CVSS 3.1
8.9
EPSS
0.4%
CVE-2025-55144 MEDIUM This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2025-55143 MEDIUM This Month

Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XSS Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55142 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2025-55141 HIGH This Month

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2025-55139 MEDIUM This Month

SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2025-52915 HIGH This Month

K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-43776 MEDIUM PATCH Monitor

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7,. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-10183 CRITICAL This Week

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-9994 CRITICAL This Week

The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-45325 MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiddos F
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-9364 HIGH This Month

An open database issue exists in the affected product and version. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redis Factorytalk Analytics Logixai
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-9166 HIGH This Month

A denial-of-service security issue exists in the affected product and version. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Controllogix 5580 Firmware
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-9161 HIGH This Month

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Factorytalk Optix
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-9160 HIGH This Month

A code execution security issue exists in the affected product. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-9065 HIGH This Month

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell SSRF Thinmanager
NVD
CVSS 4.0
8.6
EPSS
0.0%
Prev Page 6 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy