Skip to main content
CVE-2025-60710 HIGH POC KEV THREAT Act Now

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
Threat
4.6
CVE-2025-62215 HIGH POC KEV THREAT Act Now

Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.5%
CVE-2025-11307 HIGH POC This Week

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD WPScan
CVSS 3.1
8.8
EPSS
7.0%
CVE-2025-13014 HIGH PATCH This Week

Use-after-free in the Audio/Video component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13020 HIGH PATCH This Week

Use-after-free in the WebRTC: Audio/Video component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13027 HIGH PATCH This Week

Memory safety bugs present in Firefox 144 and Thunderbird 144. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-30398 HIGH This Week

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nuance Powerscribe One
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13019 HIGH PATCH This Week

Same-origin policy bypass in the DOM: Workers component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13018 HIGH PATCH This Week

Mitigation bypass in the DOM: Security component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13017 HIGH PATCH This Week

Same-origin policy bypass in the DOM: Notifications component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-11959 HIGH This Week

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-13016 HIGH PATCH This Week

Incorrect boundary conditions in the JavaScript: WebAssembly component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13012 HIGH PATCH This Week

Race condition in the Graphics component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13025 HIGH PATCH This Week

Incorrect boundary conditions in the Graphics: WebGPU component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10161 HIGH This Week

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-61830 HIGH This Week

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64531 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61835 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61834 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61833 HIGH This Month

Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40827 HIGH This Month

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-40817 HIGH This Month

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-40816 HIGH This Month

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-40815 HIGH This Month

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-40763 HIGH This Month

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-40744 HIGH This Month

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-32011 HIGH This Month

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-32010 HIGH This Month

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-32009 HIGH This Month

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-32008 HIGH This Month

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-61839 HIGH This Month

Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Format Plugins
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61838 HIGH This Month

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Format Plugins
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61837 HIGH This Month

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Format Plugins
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-62452 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-62222 HIGH This Month

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Github Copilot Chat
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-62220 HIGH This Month

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows Subsystem For Linux Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-62219 HIGH This Month

Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +5
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62218 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +5
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62217 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62216 HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62213 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62211 HIGH This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dynamics 365
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-62210 HIGH This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dynamics 365
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-62205 HIGH This Month

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62204 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
3.0%
CVE-2025-62203 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62202 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-62201 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62200 HIGH This Month

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62199 HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy