Skip to main content

Windows

1584 CVEs product

Monthly

CVE-2025-21245 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21244 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21243 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21242 MEDIUM PATCH This Month

Windows Kerberos Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-21241 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-21240 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-21239 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21238 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21237 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21236 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21235 HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21234 HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21233 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21232 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21229 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21228 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21227 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21226 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21225 MEDIUM PATCH This Month

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Microsoft Memory Corruption Denial Of Service Windows Server 2016 Windows Server 2019 +4
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-21224 HIGH PATCH This Month

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free RCE Windows 10 21h2 +8
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-21223 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21218 HIGH PATCH This Month

Windows Kerberos Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +4
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-21217 MEDIUM PATCH This Month

Windows NTLM Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-21214 MEDIUM PATCH Monitor

Windows BitLocker Information Disclosure Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-21210 MEDIUM PATCH Monitor

Windows BitLocker Information Disclosure Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-21207 HIGH PATCH This Month

Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-21202 MEDIUM PATCH This Month

Windows Recovery Environment Agent Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0459 MEDIUM Monitor

A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-50564 LOW Monitor

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Forticlient Windows
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-0069 HIGH This Month

Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. Rated high severity (CVSS 7.8). No vendor patch available.

Microsoft Code Injection Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0055 MEDIUM This Month

SAP GUI for Windows stores user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft SAP Information Disclosure Windows
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-40679 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2 Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56765 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free IBM Information Disclosure Memory Corruption Linux +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-9950 HIGH This Month

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Secureconnector Windows
NVD
CVSS 4.0
8.5
EPSS
1.8%
CVE-2024-56414 MEDIUM This Month

Web installer integrity check used weak hash algorithm. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2024-56413 MEDIUM This Month

Missing session invalidation after user deletion. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2024-55543 HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-55542 MEDIUM Monitor

Local privilege escalation due to excessive permissions assigned to Tray Monitor service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Apple Windows macOS
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2024-55541 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Cyber Protect Windows
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-55540 HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-30088 HIGH POC KEV PATCH THREAT Act Now

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilRig (APT34/Iranian) group for government network compromise.

Windows
NVD GitHub
CVSS 3.1
7.0
EPSS
84.1%
CVE-2023-49647 HIGH This Week

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit Video Software Development Kit Zoom +2
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-31036 HIGH POC This Week

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft Information Disclosure Nvidia Path Traversal +3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-0454 MEDIUM This Month

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Microsoft Elan Match On Chip Fpr Solution Firmware Windows
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2023-40250 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.0.0.893. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Hcell Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-51750 MEDIUM This Month

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Scalefusion Windows
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-51749 HIGH POC This Week

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Scalefusion Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-50159 HIGH POC This Week

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Microsoft Scalefusion Windows
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-22190 PyPI HIGH POC PATCH This Month

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Python Gitpython Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-50916 HIGH POC This Week

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Device Manager Windows
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-21320 MEDIUM POC PATCH THREAT This Week

Windows Themes Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.6%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
25.6%
CVE-2024-21316 MEDIUM PATCH This Month

Windows Server Key Distribution Service Security Feature Bypass. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-21313 MEDIUM PATCH This Month

Windows TCP/IP Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-21311 MEDIUM PATCH This Month

Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-21310 HIGH PATCH This Month

Critical vulnerability in NETGEAR ProSAFE NMS300 network management system.

Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2024-21309 HIGH PATCH This Month

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Microsoft Information Disclosure Windows 11 21H2 Windows 11 22h2 +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20700 HIGH PATCH This Month

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Microsoft Race Condition RCE Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-20699 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20698 HIGH PATCH This Month

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Epss exploitation probability 21.7%.

Integer Overflow Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.8
EPSS
21.7%
CVE-2024-20697 HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 49.4%.

Buffer Overflow RCE Heap Overflow Microsoft Windows 11 22h2 +3
NVD GitHub
CVSS 3.1
7.3
EPSS
49.4%
CVE-2024-20696 HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Buffer Overflow RCE Heap Overflow Microsoft Windows 10 1809 +9
NVD GitHub
CVSS 3.1
7.3
EPSS
7.2%
CVE-2024-20694 MEDIUM PATCH This Month

Windows CoreMessaging Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-20691 MEDIUM PATCH Monitor

Windows Themes Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-20690 MEDIUM PATCH This Month

Windows Nearby Sharing Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-20682 HIGH PATCH This Month

Windows Cryptographic Services Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20681 HIGH PATCH This Month

Windows Subsystem for Linux Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Microsoft Windows 10 21h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20680 MEDIUM PATCH This Month

Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2024-20677 HIGH PATCH This Month

A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20674 HIGH PATCH This Month

Windows Kerberos Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0%.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
16.0%
CVE-2024-20663 MEDIUM PATCH This Month

Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2024-20662 MEDIUM PATCH Monitor

Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 +5
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-20657 HIGH PATCH This Month

Windows Group Policy Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2024-20652 HIGH PATCH This Month

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2023-51438 CRITICAL Act Now

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager <. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Maxview Storage Manager Windows
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2023-47145 HIGH This Week

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Privilege Escalation Db2 Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-47039 HIGH PATCH This Week

A vulnerability was found in Perl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Heap Overflow Microsoft Perl +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-38028 HIGH KEV PATCH THREAT Act Now

Windows Print Spooler allows local privilege escalation that was exploited by the Russian GRU's 'Forest Blizzard' (APT28) group using a custom tool called 'GooseEgg' for credential theft and lateral movement in government networks.

Windows
NVD VulDB
CVSS 3.1
7.8
EPSS
5.0%
CVE-2022-0280 HIGH This Week

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Microsoft Windows
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-40444 HIGH POC KEV PATCH THREAT Act Now

Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX controls in Office documents, exploited as a zero-day in targeted attacks before the September 2021 patch.

Windows
NVD
CVSS 3.1
8.8
EPSS
94.3%
Threat
9.6
CVE-2021-36958 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows
NVD
CVSS 3.1
7.8
EPSS
31.7%
CVE-2021-1732 HIGH POC KEV PATCH THREAT Act Now

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by the Bitter APT group in February 2021 for targeted espionage operations.

Windows
NVD
CVSS 3.1
7.8
EPSS
90.1%
Threat
9.3
CVE-2020-1472 MEDIUM POC KEV EUVD KEV PATCH THREAT Act Now

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation probability, public PoC available. Vendor patch is available.

Windows
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
94.4%
Threat
8.9
CVE-2019-0859 HIGH KEV PATCH THREAT Act Now

Windows Win32k contains a use-after-free vulnerability enabling local privilege escalation to SYSTEM, exploited in the wild in April 2019 alongside CVE-2019-0803 in targeted campaigns.

Windows
NVD
CVSS 3.1
7.8
EPSS
9.9%
CVE-2019-0803 HIGH POC KEV PATCH THREAT Act Now

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in April 2019 as part of targeted APT exploit chains.

Windows
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
89.8%
CVE-2018-0599 HIGH PATCH This Week

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Windows
NVD
CVSS 3.0
7.8
EPSS
4.6%
CVE-2018-0598 HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
7.8
EPSS
9.0%
CVE-2018-8174 HIGH POC KEV PATCH THREAT Act Now

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system compromise through crafted web pages, exploited in the wild as a zero-day before the May 2018 patch.

Windows
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
94.3%
Threat
5.0
CVE-2016-4158 HIGH This Week

Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Windows Creative Cloud
NVD
CVSS 3.0
7.3
EPSS
1.6%
CVE-2016-4534 LOW POC PATCH Monitor

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and. Rated low severity (CVSS 3.0). Public exploit code available.

Privilege Escalation Microsoft Virusscan Enterprise Windows
NVD Exploit-DB
CVSS 3.0
3.0
EPSS
2.4%
CVE-2016-1715 MEDIUM PATCH This Month

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit. Rated medium severity (CVSS 6.6).

Denial Of Service Buffer Overflow Microsoft Windows Application Control
NVD
CVSS 3.0
6.6
EPSS
0.4%
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE +16
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE +16
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Windows Kerberos Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 +8
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +17
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure +16
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure +15
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure +16
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure +16
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure +16
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Microsoft Memory Corruption Denial Of Service +6
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Month

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free +10
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Month

Windows Kerberos Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows Server 2012 +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Windows NTLM Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Windows BitLocker Information Disclosure Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Windows BitLocker Information Disclosure Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Month

Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows 10 1809 +10
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Windows Recovery Environment Agent Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 +13
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows +1
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Forticlient +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. Rated high severity (CVSS 7.8). No vendor patch available.

Microsoft Code Injection Windows
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

SAP GUI for Windows stores user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft SAP Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free IBM Information Disclosure +6
NVD
EPSS 2% CVSS 8.5
HIGH This Month

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Secureconnector +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Web installer integrity check used weak hash algorithm. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Missing session invalidation after user deletion. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect +1
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

Local privilege escalation due to excessive permissions assigned to Tray Monitor service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Apple +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Cyber Protect +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect +1
NVD
EPSS 84% CVSS 7.0
HIGH POC KEV PATCH THREAT Act Now

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilRig (APT34/Iranian) group for government network compromise.

Windows
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft Information Disclosure +5
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Microsoft +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.0.0.893. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Hcell +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Scalefusion +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Scalefusion +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Month

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Python +2
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Device Manager +1
NVD
EPSS 26% CVSS 6.5
MEDIUM POC PATCH THREAT This Week

Windows Themes Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.6%.

Microsoft Information Disclosure Windows 10 1507 +12
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Windows Server Key Distribution Service Security Feature Bypass. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Windows 10 1607 +10
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Windows TCP/IP Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 1507 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft +15
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Month

Critical vulnerability in NETGEAR ProSAFE NMS300 network management system.

Microsoft Information Disclosure Windows 10 1809 +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Microsoft Information Disclosure +6
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Month

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Microsoft Race Condition RCE +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 1809 +9
NVD
EPSS 22% CVSS 7.8
HIGH PATCH This Month

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Epss exploitation probability 21.7%.

Integer Overflow Microsoft Information Disclosure +10
NVD
EPSS 49% CVSS 7.3
HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 49.4%.

Buffer Overflow RCE Heap Overflow +5
NVD GitHub
EPSS 7% CVSS 7.3
HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Buffer Overflow RCE Heap Overflow +11
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Windows CoreMessaging Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft Information Disclosure Windows 10 1607 +11
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Monitor

Windows Themes Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft +14
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows Nearby Sharing Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1809 +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Windows Cryptographic Services Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 1507 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Windows Subsystem for Linux Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +9
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 1507 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 16% CVSS 8.8
HIGH PATCH This Month

Windows Kerberos Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0%.

Microsoft Authentication Bypass Windows 10 1507 +13
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 1507 +13
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH Monitor

Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Microsoft +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Month

Windows Group Policy Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Authentication Bypass Microsoft Windows 10 1507 +13
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Month

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 1507 +13
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager <. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Maxview Storage Manager +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in Perl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Heap Overflow +3
NVD
EPSS 5% CVSS 7.8
HIGH KEV PATCH THREAT Act Now

Windows Print Spooler allows local privilege escalation that was exploited by the Russian GRU's 'Forest Blizzard' (APT28) group using a custom tool called 'GooseEgg' for credential theft and lateral movement in government networks.

Windows
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Microsoft Windows
NVD
EPSS 94% 9.6 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX controls in Office documents, exploited as a zero-day in targeted attacks before the September 2021 patch.

Windows
NVD
EPSS 32% CVSS 7.8
HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows
NVD
EPSS 90% 9.3 CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by the Bitter APT group in February 2021 for targeted espionage operations.

Windows
NVD
EPSS 94% 8.9 CVSS 5.5
MEDIUM POC KEV EUVD KEV PATCH THREAT Act Now

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation probability, public PoC available. Vendor patch is available.

Windows
NVD Exploit-DB
EPSS 10% CVSS 7.8
HIGH KEV PATCH THREAT Act Now

Windows Win32k contains a use-after-free vulnerability enabling local privilege escalation to SYSTEM, exploited in the wild in April 2019 alongside CVE-2019-0803 in targeted campaigns.

Windows
NVD
EPSS 90% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in April 2019 as part of targeted APT exploit chains.

Windows
NVD Exploit-DB
EPSS 5% CVSS 7.8
HIGH PATCH This Week

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Windows
NVD
EPSS 9% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 94% 5.0 CVSS 7.5
HIGH POC KEV PATCH THREAT Act Now

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system compromise through crafted web pages, exploited in the wild as a zero-day before the May 2018 patch.

Windows
NVD Exploit-DB
EPSS 2% CVSS 7.3
HIGH This Week

Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft +2
NVD
EPSS 2% CVSS 3.0
LOW POC PATCH Monitor

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and. Rated low severity (CVSS 3.0). Public exploit code available.

Privilege Escalation Microsoft Virusscan Enterprise +1
NVD Exploit-DB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit. Rated medium severity (CVSS 6.6).

Denial Of Service Buffer Overflow Microsoft +2
NVD
Prev Page 17 of 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy