Skip to main content

Microsoft

17290 CVEs vendor

Monthly

CVE-2026-20823 MEDIUM PATCH This Month

Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.

Windows Windows Server 2025 Windows 10 22h2 Windows 10 21h2 Windows Server 2022 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20822 HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.

Microsoft Industrial Use After Free Windows 11 25h2 Windows Server 2019 +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20821 MEDIUM PATCH This Month

Windows RPC implementation leaks sensitive information to local attackers on Windows 10, Windows 11, and Windows Server 2022. An unauthenticated local attacker can exploit this information disclosure vulnerability without user interaction to access confidential data. No patch is currently available for this medium-severity vulnerability.

Windows Windows 11 25h2 Windows 10 1809 Windows 10 21h2 Windows Server 2022 +11
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20820 HIGH PATCH This Week

Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.

Windows Buffer Overflow Heap Overflow Windows Server 2016 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20819 MEDIUM PATCH This Month

Improper pointer validation in Windows VBS Enclave allows authenticated local users to read sensitive information on Windows 11 systems across multiple versions. An attacker with local access and valid credentials can exploit this memory safety flaw to bypass enclave protections and disclose confidential data. No patch is currently available.

Windows Windows 11 25h2 Windows 11 23h2 Windows 11 24h2 Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20818 MEDIUM PATCH This Month

Windows Kernel inadvertently logs sensitive information to accessible log files, enabling local attackers to read confidential data on affected Windows and Linux systems. This information disclosure vulnerability requires no privileges or user interaction to exploit and impacts Windows Server 2016, 2022, and 2025 along with standard Windows installations. No patch is currently available for this medium-severity issue.

Linux Windows Windows Server 2016 Windows Server 2025 Windows Server 2022 23h2 +3
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20817 HIGH PATCH This Week

Windows Error Reporting on Windows 10, Windows 11, and Windows Server 2022 fails to properly validate user privileges, enabling local authenticated users to escalate to system-level access. An attacker with valid credentials can exploit this permission handling flaw to gain full control over the affected system. Currently no patch is available for this high-severity vulnerability (CVSS 7.8).

Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20816 HIGH PATCH This Week

Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 25h2 Windows 10 1809 Windows Server 2022 23h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20815 HIGH PATCH This Week

Privilege escalation in Windows 11 and Windows Server 2025 Capability Access Management Service stems from improper synchronization of shared resources, enabling a local authenticated attacker to gain elevated privileges. The vulnerability exploits a race condition that can be triggered without user interaction, though successful exploitation requires specific timing and system conditions. No patch is currently available for this high-severity issue.

Race Condition Windows 11 25h2 Windows 11 24h2 Windows Server 2025 Microsoft
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20814 HIGH PATCH This Week

Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.

Linux Industrial Race Condition Windows Server 2016 Windows 10 1607 +11
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20812 MEDIUM PATCH This Month

Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.

Windows LDAP Windows 10 21h2 Windows 11 24h2 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20811 HIGH PATCH This Week

Local privilege escalation in Windows Win32K (ICOMP) via type confusion allows authenticated users to gain system-level access on Windows 11 and Windows Server 2025. The vulnerability affects multiple recent Windows versions with no available patch, requiring immediate mitigation strategies for at-risk environments. Exploitation requires local access but no user interaction, making it a significant risk for multi-user systems.

Windows Windows Server 2025 Windows 11 23h2 Windows Server 2022 23h2 Windows 11 24h2 +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-20810 HIGH PATCH This Week

The Windows Ancillary Function Driver for WinSock contains an improper memory deallocation vulnerability (CWE-590) that allows authenticated local attackers to achieve privilege escalation on affected Windows 10 and Windows Server 2019 systems. An attacker with local user privileges can exploit this flaw to gain SYSTEM-level access without user interaction. No patch is currently available for this vulnerability.

Windows Windows Server 2019 Windows 10 21h2 Windows 10 22h2 Windows 10 1809 +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20809 HIGH PATCH This Week

Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.

Linux Windows Race Condition Windows Server 2022 23h2 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20808 HIGH PATCH This Week

Privilege escalation in Windows Printer Association Object affects Windows 11 and Windows Server 2022/2025 through a race condition in shared resource access. An authenticated local attacker can exploit improper synchronization to gain elevated system privileges. No patch is currently available for this vulnerability.

Race Condition Windows Server 2025 Windows 11 25h2 Windows 11 24h2 Windows Server 2022 23h2 +1
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20805 MEDIUM KEV PATCH THREAT Act Now

Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.

Windows Windows 11 23h2 Windows Server 2022 23h2 Windows 10 1809 Windows 11 25h2 +10
NVD VulDB
CVSS 3.1
5.5
EPSS
4.8%
CVE-2026-20804 HIGH PATCH This Week

Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.

Windows Windows Server 2022 23h2 Windows Server 2022 Windows 10 21h2 Windows Server 2019 +9
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-0386 HIGH PATCH This Week

Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.

Windows Windows Server 2019 Windows Server 2022 23h2 Windows Server 2012 Windows Server 2022 +4
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-62224 MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]

Microsoft Android Edge
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-9611 npm HIGH POC PATCH This Week

Missing Origin/Host header validation in Microsoft's Playwright MCP Server (versions before 0.0.40) lets a remote web page reach a developer's locally bound MCP HTTP endpoint through a DNS rebinding attack, causing unauthorized invocation of MCP tool endpoints that drive an automated browser. Publicly available exploit code exists (a proof-of-concept gist and a VulnCheck advisory), though the flaw is not listed in CISA KEV and EPSS probability is low (0.25%, 48th percentile). Exploitation requires that a victim with the server running visit an attacker-controlled page, so this is opportunistic rather than mass-scannable.

Microsoft Authentication Bypass
NVD GitHub
CVSS 4.0
7.2
EPSS
0.2%
CVE-2025-65319 CRITICAL POC Act Now

Protection-mechanism bypass in BlueMail 1.140.103 and earlier on Windows lets attackers deliver files that are saved via the attachment-interaction feature without a Mark-of-the-Web (MOTW) tag, defeating Windows SmartScreen, Office Protected View, and third-party security software that rely on the MOTW zone identifier. Publicly available exploit code exists; the flaw is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no confirmed widespread exploitation yet. The practical effect is that a malicious document or executable arriving by email loses the 'downloaded from the Internet' provenance that would normally trigger a warning or block.

Authentication Bypass Microsoft Bluemail
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-65318 CRITICAL POC Act Now

Protection-mechanism bypass in Canary Mail 5.1.40 and earlier on Windows lets attacker-supplied email attachments be written to disk without the Mark-of-the-Web (MOTW) NTFS tag, so files that reach a victim through the mail client are treated as trusted local content rather than internet-originated. This defeats SmartScreen, Office Protected View, and other MOTW-aware defenses in Windows and third-party software, materially easing malware delivery. Publicly available exploit code exists; the issue is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no evidence of widespread active exploitation.

Authentication Bypass Microsoft Canary Mail
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-64667 MEDIUM This Month

Spoofing via UI misrepresentation in Microsoft Exchange Server 2016 and Exchange Server Subscription Edition allows unauthenticated network attackers to falsify critical sender or authentication information as rendered by the Exchange interface. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw enables an attacker to craft messages or interactions that Exchange presents deceptively, undermining trust signals recipients rely upon to distinguish legitimate from malicious communications. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the PR:N/AC:L vector means exploitation requires no credentials and minimal attacker sophistication.

Microsoft Authentication Bypass Exchange Server Exchange Server Subscription Edition
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-64666 HIGH This Week

Privilege escalation in Microsoft Exchange Server 2016 (and Subscription Edition per vendor tagging) allows an authenticated attacker on the network to elevate privileges through improper input validation (CWE-20). The flaw carries a CVSS 7.5 score with high impact to confidentiality, integrity, and availability, though attack complexity is rated High. No public exploit identified at time of analysis.

Microsoft Information Disclosure Exchange Server Exchange Server Subscription Edition
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-62557 HIGH This Week

Local code execution in Microsoft Office (365 Apps, Office 2016/2019, and Office LTSC 2021 across Windows, macOS, and Android) stems from a use-after-free memory corruption flaw tracked as CVE-2025-62557. An attacker who entices a user to open a crafted document can achieve arbitrary code execution with the privileges of the current user, with no public exploit identified at time of analysis. The CVSS 8.4 rating reflects high impact across confidentiality, integrity, and availability despite the local attack vector.

Memory Corruption Microsoft Denial Of Service Use After Free 365 Apps +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-62554 HIGH This Week

Local code execution in Microsoft Office (365 Apps, Office 2016/2019, Office LTSC 2021, and Office for Android/macOS) stems from a type confusion flaw (CWE-843) that lets an attacker run arbitrary code in the context of the current user. Despite PR:N/UI:N in the CVSS vector, the AV:L attack vector means the attacker must deliver a malicious document to be opened on the target host. No public exploit has been identified at time of analysis and the CVE is not on the CISA KEV list.

Memory Corruption Microsoft Authentication Bypass 365 Apps Office +1
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-66461 MEDIUM This Month

A remote code execution vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.

Microsoft RCE Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2025-66334 LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-66333 LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-66332 LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-66331 LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-14218 MEDIUM POC This Month

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14217 MEDIUM POC This Month

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14216 MEDIUM POC This Month

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14215 MEDIUM POC This Month

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-40271 POC PATCH CISA Monitor

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2 sys_getdents64() | iterate_dir() | proc_readdir() | proc_readdir_de() | snmp6_unregister_dev() pde_get(de); | proc_remove() read_unlock(&proc_subdir_lock); | remove_proc_subtree() | write_lock(&proc_subdir_lock); [time window] | rb_erase(&root->subdir_node, &parent->subdir); | write_unlock(&proc_subdir_lock); read_lock(&proc_subdir_lock); | next = pde_subdir_next(de); | pde_put(de); | de = next; //UAF | rbtree of dev_snmp6 | pde(tun3) / \ NULL pde(tun2)

Microsoft Information Disclosure Linux Ubuntu Debian +2
NVD Exploit-DB VulDB
EPSS
0.1%
CVE-2025-59775 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Microsoft Apache SSRF Ubuntu Debian +5
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32900 MEDIUM PATCH This Month

A security vulnerability in the KDE Connect information-exchange protocol (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Google Ubuntu Debian +2
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62223 MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

Microsoft Authentication Bypass Apple Edge Chromium iOS
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1910 MEDIUM This Month

The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.

Microsoft Command Injection Windows
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-11838 HIGH This Week

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.

Microsoft Buffer Overflow Denial Of Service Fireware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65958 PyPI HIGH POC PATCH This Week

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.

Microsoft SSRF Open Webui
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-12385 HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Microsoft Apple Google Denial Of Service Ubuntu +4
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-20387 HIGH PATCH This Week

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk Windows
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-20386 HIGH PATCH This Week

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk Windows
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-13751 MEDIUM PATCH This Month

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Microsoft Denial Of Service Debian Openvpn Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-53841 HIGH PATCH This Week

The GC-AGENTS-SERVICE running as part of Akamai´s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a non-existent location that standard Windows users have default write access to. This allows an unprivileged local user to create a crafted "openssl.cnf" file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process. Since Guardicore Agent runs with SYSTEM privileges, this permits an unprivileged user to fully elevate privileges to SYSTEM level in this manner.

Microsoft Privilege Escalation OpenSSL Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-29864 MEDIUM PATCH This Month

A security vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass (CVSS 6.2). Remediation should follow standard vulnerability management procedures.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
6.2
EPSS
0.0%
CVE-2025-66476 HIGH PATCH This Week

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Information Disclosure Microsoft Ubuntu Debian Vim +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64298 HIGH PATCH This Week

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.

Information Disclosure Microsoft Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-62575 HIGH PATCH This Week

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

RCE Microsoft
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2025-61940 HIGH PATCH This Week

CVE-2025-61940 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Information Disclosure Microsoft Windows
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-34352 HIGH PATCH This Week

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle.

Privilege Escalation Denial Of Service Microsoft Windows
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-13634 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)

Google Authentication Bypass Microsoft Ubuntu Debian +3
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-7007 HIGH POC This Week

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

Microsoft Denial Of Service Null Pointer Dereference Apple Windows +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-3500 CRITICAL PATCH Act Now

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.

Privilege Escalation Integer Overflow Microsoft Antivirus Windows
NVD
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-66221 PyPI MEDIUM PATCH This Month

Werkzeug is a comprehensive WSGI web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Werkzeug Windows Red Hat +1
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-13683 MEDIUM This Month

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.3.8.0; Remote Desktop Manager: through 2025.3.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Devolutions Server Remote Desktop Manager Windows
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11156 MEDIUM This Month

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-64313 MEDIUM This Month

Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Microsoft Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12421 Go CRITICAL PATCH Act Now

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Mattermost Server Suse
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-30190 MEDIUM This Month

Malicious content at office documents can be used to inject script code when editing a document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-26155 CRITICAL POC Act Now

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Ncp Secure Entry Client Secure Enterprise Client Windows
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-64657 CRITICAL Act Now

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft Azure Application Gateway
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-34350 HIGH This Week

UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft Windows
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-64693 CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Heap Overflow Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-62691 CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow RCE Buffer Overflow Microsoft Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-59485 MEDIUM This Month

Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-12893 LOW Monitor

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Microsoft Information Disclosure MongoDB Windows
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2024-47856 CRITICAL Act Now

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Authentication Agent For Windows Windows
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-65947 Cargo HIGH PATCH This Month

thread-amount is a tool that gets the amount of threads in the current process. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft Windows
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-13524 MEDIUM This Month

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Microsoft Information Disclosure Windows macOS
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-12881 MEDIUM This Month

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wps_rma_fetch_order_msgs(). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Microsoft Authentication Bypass PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-12086 MEDIUM Monitor

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Microsoft Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64695 HIGH This Month

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Logstare Collector Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-62459 HIGH This Month

Microsoft Defender Portal Spoofing Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS 365 Defender Portal
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-62207 HIGH This Month

Azure Monitor Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Monitor
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-59245 CRITICAL This Week

Microsoft SharePoint Online Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Online
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-49752 CRITICAL This Week

Azure Bastion Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Azure Bastion Developer
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-13433 HIGH This Month

A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure Microsoft Windows
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-65089 Maven MEDIUM PATCH This Month

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Microsoft Authentication Bypass Pro Macros
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-13316 HIGH POC THREAT Act Now

Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the credential exposure vulnerability (CVE-2025-13315), this allows attackers to decrypt the admin password from the leaked log file and gain full administrative control of the media server.

Information Disclosure Microsoft Twonky Server Windows
NVD
CVSS 4.0
8.2
EPSS
72.7%
Threat
5.3
CVE-2025-13315 CRITICAL POC THREAT Emergency

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API bypass. The exposed log contains the administrator's username and encrypted password, which can be decrypted using hard-coded keys (CVE-2025-13316) to gain full administrative control.

Information Disclosure Microsoft Twonky Server Windows
NVD
CVSS 4.0
9.3
EPSS
82.4%
Threat
5.8
CVE-2025-34332 HIGH POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Microsoft Privilege Escalation Fax Server Interactive Voice Response +2
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34329 CRITICAL POC Act Now

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft Fax Server Interactive Voice Response +2
NVD
CVSS 4.0
9.3
EPSS
3.1%
CVE-2025-34328 CRITICAL POC Act Now

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft Fax Server Interactive Voice Response +2
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-13396 LOW POC Monitor

A weakness has been identified in code-projects Courier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10703 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +5
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-10702 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +4
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-47761 HIGH This Month

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.

Fortinet Microsoft Authentication Bypass Forticlient Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.

Windows Windows Server 2025 Windows 10 22h2 +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.

Microsoft Industrial Use After Free +12
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Windows RPC implementation leaks sensitive information to local attackers on Windows 10, Windows 11, and Windows Server 2022. An unauthenticated local attacker can exploit this information disclosure vulnerability without user interaction to access confidential data. No patch is currently available for this medium-severity vulnerability.

Windows Windows 11 25h2 Windows 10 1809 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.

Windows Buffer Overflow Heap Overflow +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper pointer validation in Windows VBS Enclave allows authenticated local users to read sensitive information on Windows 11 systems across multiple versions. An attacker with local access and valid credentials can exploit this memory safety flaw to bypass enclave protections and disclose confidential data. No patch is currently available.

Windows Windows 11 25h2 Windows 11 23h2 +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Windows Kernel inadvertently logs sensitive information to accessible log files, enabling local attackers to read confidential data on affected Windows and Linux systems. This information disclosure vulnerability requires no privileges or user interaction to exploit and impacts Windows Server 2016, 2022, and 2025 along with standard Windows installations. No patch is currently available for this medium-severity issue.

Linux Windows Windows Server 2016 +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Error Reporting on Windows 10, Windows 11, and Windows Server 2022 fails to properly validate user privileges, enabling local authenticated users to escalate to system-level access. An attacker with valid credentials can exploit this permission handling flaw to gain full control over the affected system. Currently no patch is available for this high-severity vulnerability (CVSS 7.8).

Microsoft Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 25h2 +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows 11 and Windows Server 2025 Capability Access Management Service stems from improper synchronization of shared resources, enabling a local authenticated attacker to gain elevated privileges. The vulnerability exploits a race condition that can be triggered without user interaction, though successful exploitation requires specific timing and system conditions. No patch is currently available for this high-severity issue.

Race Condition Windows 11 25h2 Windows 11 24h2 +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.

Linux Industrial Race Condition +13
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.

Windows LDAP Windows 10 21h2 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Win32K (ICOMP) via type confusion allows authenticated users to gain system-level access on Windows 11 and Windows Server 2025. The vulnerability affects multiple recent Windows versions with no available patch, requiring immediate mitigation strategies for at-risk environments. Exploitation requires local access but no user interaction, making it a significant risk for multi-user systems.

Windows Windows Server 2025 Windows 11 23h2 +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Windows Ancillary Function Driver for WinSock contains an improper memory deallocation vulnerability (CWE-590) that allows authenticated local attackers to achieve privilege escalation on affected Windows 10 and Windows Server 2019 systems. An attacker with local user privileges can exploit this flaw to gain SYSTEM-level access without user interaction. No patch is currently available for this vulnerability.

Windows Windows Server 2019 Windows 10 21h2 +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.

Linux Windows Race Condition +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows Printer Association Object affects Windows 11 and Windows Server 2022/2025 through a race condition in shared resource access. An authenticated local attacker can exploit improper synchronization to gain elevated system privileges. No patch is currently available for this vulnerability.

Race Condition Windows Server 2025 Windows 11 25h2 +3
NVD
EPSS 5% CVSS 5.5
MEDIUM KEV PATCH THREAT Act Now

Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.

Windows Windows 11 23h2 Windows Server 2022 23h2 +12
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.

Windows Windows Server 2022 23h2 Windows Server 2022 +11
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.

Windows Windows Server 2019 Windows Server 2022 23h2 +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]

Microsoft Android Edge
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Missing Origin/Host header validation in Microsoft's Playwright MCP Server (versions before 0.0.40) lets a remote web page reach a developer's locally bound MCP HTTP endpoint through a DNS rebinding attack, causing unauthorized invocation of MCP tool endpoints that drive an automated browser. Publicly available exploit code exists (a proof-of-concept gist and a VulnCheck advisory), though the flaw is not listed in CISA KEV and EPSS probability is low (0.25%, 48th percentile). Exploitation requires that a victim with the server running visit an attacker-controlled page, so this is opportunistic rather than mass-scannable.

Microsoft Authentication Bypass
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Protection-mechanism bypass in BlueMail 1.140.103 and earlier on Windows lets attackers deliver files that are saved via the attachment-interaction feature without a Mark-of-the-Web (MOTW) tag, defeating Windows SmartScreen, Office Protected View, and third-party security software that rely on the MOTW zone identifier. Publicly available exploit code exists; the flaw is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no confirmed widespread exploitation yet. The practical effect is that a malicious document or executable arriving by email loses the 'downloaded from the Internet' provenance that would normally trigger a warning or block.

Authentication Bypass Microsoft Bluemail
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Protection-mechanism bypass in Canary Mail 5.1.40 and earlier on Windows lets attacker-supplied email attachments be written to disk without the Mark-of-the-Web (MOTW) NTFS tag, so files that reach a victim through the mail client are treated as trusted local content rather than internet-originated. This defeats SmartScreen, Office Protected View, and other MOTW-aware defenses in Windows and third-party software, materially easing malware delivery. Publicly available exploit code exists; the issue is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no evidence of widespread active exploitation.

Authentication Bypass Microsoft Canary Mail
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Spoofing via UI misrepresentation in Microsoft Exchange Server 2016 and Exchange Server Subscription Edition allows unauthenticated network attackers to falsify critical sender or authentication information as rendered by the Exchange interface. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw enables an attacker to craft messages or interactions that Exchange presents deceptively, undermining trust signals recipients rely upon to distinguish legitimate from malicious communications. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the PR:N/AC:L vector means exploitation requires no credentials and minimal attacker sophistication.

Microsoft Authentication Bypass Exchange Server +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Privilege escalation in Microsoft Exchange Server 2016 (and Subscription Edition per vendor tagging) allows an authenticated attacker on the network to elevate privileges through improper input validation (CWE-20). The flaw carries a CVSS 7.5 score with high impact to confidentiality, integrity, and availability, though attack complexity is rated High. No public exploit identified at time of analysis.

Microsoft Information Disclosure Exchange Server +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local code execution in Microsoft Office (365 Apps, Office 2016/2019, and Office LTSC 2021 across Windows, macOS, and Android) stems from a use-after-free memory corruption flaw tracked as CVE-2025-62557. An attacker who entices a user to open a crafted document can achieve arbitrary code execution with the privileges of the current user, with no public exploit identified at time of analysis. The CVSS 8.4 rating reflects high impact across confidentiality, integrity, and availability despite the local attack vector.

Memory Corruption Microsoft Denial Of Service +4
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local code execution in Microsoft Office (365 Apps, Office 2016/2019, Office LTSC 2021, and Office for Android/macOS) stems from a type confusion flaw (CWE-843) that lets an attacker run arbitrary code in the context of the current user. Despite PR:N/UI:N in the CVSS vector, the AV:L attack vector means the attacker must deliver a malicious document to be opened on the target host. No public exploit has been identified at time of analysis and the CVE is not on the CISA KEV list.

Memory Corruption Microsoft Authentication Bypass +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A remote code execution vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.

Microsoft RCE Windows
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Microsoft Denial Of Service
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

Microsoft PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Microsoft PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Microsoft PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Microsoft PHP SQLi
NVD GitHub VulDB
EPSS 0%
POC PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2 sys_getdents64() | iterate_dir() | proc_readdir() | proc_readdir_de() | snmp6_unregister_dev() pde_get(de); | proc_remove() read_unlock(&proc_subdir_lock); | remove_proc_subtree() | write_lock(&proc_subdir_lock); [time window] | rb_erase(&root->subdir_node, &parent->subdir); | write_unlock(&proc_subdir_lock); read_lock(&proc_subdir_lock); | next = pde_subdir_next(de); | pde_put(de); | de = next; //UAF | rbtree of dev_snmp6 | pde(tun3) / \ NULL pde(tun2)

Microsoft Information Disclosure Linux +4
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Microsoft Apache SSRF +7
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A security vulnerability in the KDE Connect information-exchange protocol (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Google +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

Microsoft Authentication Bypass Apple +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.

Microsoft Command Injection Windows
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.

Microsoft Buffer Overflow Denial Of Service +1
NVD
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.

Microsoft SSRF Open Webui
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Microsoft Apple Google +6
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk +1
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Microsoft Denial Of Service Debian +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The GC-AGENTS-SERVICE running as part of Akamai´s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a non-existent location that standard Windows users have default write access to. This allows an unprivileged local user to create a crafted "openssl.cnf" file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process. Since Guardicore Agent runs with SYSTEM privileges, this permits an unprivileged user to fully elevate privileges to SYSTEM level in this manner.

Microsoft Privilege Escalation OpenSSL +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A security vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass (CVSS 6.2). Remediation should follow standard vulnerability management procedures.

Microsoft Authentication Bypass Windows
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Information Disclosure Microsoft Ubuntu +4
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.

Information Disclosure Microsoft Windows
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

RCE Microsoft
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

CVE-2025-61940 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Information Disclosure Microsoft Windows
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle.

Privilege Escalation Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)

Google Authentication Bypass Microsoft +5
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

Microsoft Denial Of Service Null Pointer Dereference +3
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.

Privilege Escalation Integer Overflow Microsoft +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Werkzeug is a comprehensive WSGI web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Werkzeug +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.3.8.0; Remote Desktop Manager: through 2025.3.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Devolutions Server +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Microsoft +1
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Mattermost Server +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Malicious content at office documents can be used to inject script code when editing a document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Ncp Secure Entry Client +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft +1
NVD
EPSS 0% CVSS 8.7
HIGH This Week

UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft +2
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Authentication Agent For Windows +1
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Month

thread-amount is a tool that gets the amount of threads in the current process. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wps_rma_fetch_order_msgs(). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Logstare Collector +1
NVD
EPSS 0% CVSS 8.3
HIGH This Month

Microsoft Defender Portal Spoofing Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS 365 Defender Portal
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Azure Monitor Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Monitor
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

Microsoft SharePoint Online Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Online
NVD
EPSS 0% CVSS 10.0
CRITICAL This Week

Azure Bastion Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Azure Bastion Developer
NVD
EPSS 0% CVSS 7.3
HIGH This Month

A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure Microsoft Windows
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Microsoft Authentication Bypass +1
NVD GitHub
EPSS 73% 5.3 CVSS 8.2
HIGH POC THREAT Act Now

Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the credential exposure vulnerability (CVE-2025-13315), this allows attackers to decrypt the admin password from the leaked log file and gain full administrative control of the media server.

Information Disclosure Microsoft Twonky Server +1
NVD
EPSS 82% 5.8 CVSS 9.3
CRITICAL POC THREAT Emergency

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API bypass. The exposed log contains the administrator's username and encrypted password, which can be decrypted using hard-coded keys (CVE-2025-13316) to gain full administrative control.

Information Disclosure Microsoft Twonky Server +1
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Microsoft Privilege Escalation +4
NVD
EPSS 3% CVSS 9.3
CRITICAL POC Act Now

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft +4
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft +4
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in code-projects Courier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache +7
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache +6
NVD
EPSS 0% CVSS 7.8
HIGH This Month

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.

Fortinet Microsoft Authentication Bypass +2
NVD
Prev Page 25 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy