Skip to main content

Windows

1584 CVEs product

Monthly

CVE-2025-62482 MEDIUM Monitor

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Meeting Software Development Kit Workplace Desktop Windows
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-12763 PyPI MEDIUM PATCH This Month

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Pgadmin 4 Windows Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-64711 PHP LOW POC PATCH Monitor

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. Public exploit code available.

File Upload Apple Microsoft XSS Privatebin +2
NVD GitHub
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-61667 HIGH This Month

The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Python Microsoft Kubernetes Privilege Escalation Windows +1
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-54983 MEDIUM This Month

A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-62452 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-62220 HIGH This Month

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows Subsystem For Linux Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-62217 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62215 HIGH POC KEV THREAT Act Now

Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.5%
CVE-2025-62213 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62209 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-62208 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-60723 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-60721 HIGH This Month

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows 11 25h2 Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60720 HIGH This Month

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60719 HIGH This Month

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60718 HIGH This Month

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows 11 25h2 Windows
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-60717 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60716 HIGH This Month

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60715 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-60714 HIGH This Month

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60713 HIGH This Month

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2016 Windows Server 2019 Windows Server 2022 +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60709 HIGH This Month

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60706 MEDIUM This Month

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-60705 HIGH This Month

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60704 HIGH This Month

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-60703 HIGH This Month

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59515 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59513 MEDIUM This Month

Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59511 HIGH This Month

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-59510 MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59509 MEDIUM This Month

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59508 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59507 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59506 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59505 HIGH This Month

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-35971 HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-35967 HIGH This Month

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Microsoft Denial Of Service +1
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-35963 HIGH This Month

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft Windows
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-33202 MEDIUM This Month

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Microsoft Nvidia Denial Of Service +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33029 HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-32732 MEDIUM This Month

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Microsoft Quickassist Technology +1
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-32088 MEDIUM Monitor

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft Quickassist Technology Windows
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-31937 MEDIUM This Month

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Information Disclosure Intel Microsoft Denial Of Service +2
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-30255 HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-27713 HIGH This Month

Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. Rated high severity (CVSS 7.3). No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Privilege Escalation +2
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-27710 MEDIUM This Month

Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microsoft Quickassist Technology Windows
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-26694 MEDIUM This Month

Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Intel Quickassist Technology +1
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-24519 MEDIUM This Month

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Microsoft Privilege Escalation Quickassist Technology +1
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-24512 MEDIUM This Month

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Denial Of Service Microsoft Windows
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-20622 LOW Monitor

Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microsoft Windows
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-20065 MEDIUM This Month

Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-13032 CRITICAL This Week

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Antivirus Windows
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-10905 MEDIUM Monitor

Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-11697 HIGH This Month

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Information Disclosure Microsoft Windows
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-11696 HIGH This Month

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Microsoft Windows
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-10714 HIGH This Month

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-42888 MEDIUM This Month

SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Microsoft Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-12726 HIGH PATCH This Month

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Privilege Escalation Chrome Windows +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12439 MEDIUM POC PATCH This Month

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Microsoft Chrome Windows +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-12434 MEDIUM PATCH Monitor

Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-12905 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome Windows
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36186 HIGH This Month

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation IBM Db2 Windows
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-36185 MEDIUM This Month

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nosql Injection IBM Db2 +1
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-36136 MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-36131 MEDIUM Monitor

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM Db2 Windows
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-36008 MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36006 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM Db2 Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2534 MEDIUM This Month

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-47118 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow IBM Microsoft Denial Of Service +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7719 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Windows
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3222 CRITICAL This Week

Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.3.3 and prior versions for Linux, and 5.3.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-11212 MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Chrome Windows +1
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-27918 CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple Integer Overflow Microsoft +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27917 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple Null Pointer Dereference Microsoft +6
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-27916 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass Anydesk Android +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-37735 HIGH This Month

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. Rated high severity (CVSS 7.0). No vendor patch available.

Elastic Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-64458 PyPI HIGH PATCH GHSA This Month

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Python Django Windows +2
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-64151 HIGH This Month

Multiple Roboticsware products provided by Roboticsware PTE. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-62225 HIGH This Month

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-64107 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Cursor Windows
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59596 MEDIUM This Month

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Secure Access Windows
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-23358 HIGH This Month

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nvidia Windows
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-11953 npm CRITICAL POC KEV PATCH THREAT Act Now

React Native Metro Development Server binds to external interfaces by default and contains an OS command injection endpoint, allowing unauthenticated network attackers to execute arbitrary code.

Command Injection Microsoft React Native Community Cli Windows Red Hat
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2025-60892 MEDIUM This Month

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-59214 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +14
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59489 HIGH POC PATCH This Week

CVE-2025-59489 is a security vulnerability (CVSS 7.4) that allows argument injection that can result. Risk factors: public PoC available.

Code Injection Editor Android Windows macOS
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-27237 HIGH PATCH This Week

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

Privilege Escalation OpenSSL Ubuntu Debian Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-61666 HIGH POC PATCH This Week

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file system including the Traccar configuration file. Versions 5.8 - 6.0 are only vulnerable if <entry key='web.override'>./override</entry> is set in the configuration file. Versions 6.1 - 6.8.1 are vulnerable by default as the web override is enabled by default. The vulnerable code is removed in version 6.9.0.

Path Traversal Windows
NVD GitHub
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-11020 HIGH This Week

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

SQLi Path Traversal File Upload Windows
NVD
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM Monitor

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Pgadmin 4 +2
NVD GitHub
EPSS 0% CVSS 3.9
LOW POC PATCH Monitor

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. Public exploit code available.

File Upload Apple Microsoft +4
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Month

The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Python Microsoft Kubernetes +3
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM This Month

A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
EPSS 0% CVSS 8.0
HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +15
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +2
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +15
NVD
EPSS 1% CVSS 7.0
HIGH POC KEV THREAT Act Now

Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization.

Race Condition Microsoft Information Disclosure +11
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +16
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 +2
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +11
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +12
NVD
EPSS 0% CVSS 8.0
HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +15
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +12
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2016 +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +15
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +13
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 +10
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +13
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +13
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +13
NVD
EPSS 0% CVSS 8.3
HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft +3
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel +3
NVD
EPSS 0% CVSS 8.3
HIGH This Month

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Microsoft +4
NVD
EPSS 0% CVSS 8.3
HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft +3
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow +3
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Information Disclosure Intel +4
NVD
EPSS 0% CVSS 8.3
HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft +3
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. Rated high severity (CVSS 7.3). No vendor patch available.

Buffer Overflow Intel Microsoft +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microsoft +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Microsoft +3
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 9.9
CRITICAL This Week

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Antivirus +1
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows
NVD
EPSS 0% CVSS 8.9
HIGH This Month

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Information Disclosure +2
NVD
EPSS 0% CVSS 8.9
HIGH This Month

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Microsoft +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Privilege Escalation +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Microsoft +4
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft +4
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass +2
NVD
EPSS 0% CVSS 7.4
HIGH This Month

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation IBM +2
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nosql Injection +3
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM +2
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft IBM +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow IBM +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Windows
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.3.3 and prior versions for Linux, and 5.3.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft +3
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Apple +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple +8
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass +3
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. Rated high severity (CVSS 7.0). No vendor patch available.

Elastic Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Python +4
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Multiple Roboticsware products provided by Roboticsware PTE. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Cursor +1
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Secure Access +1
NVD
EPSS 0% CVSS 8.2
HIGH This Month

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nvidia +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

React Native Metro Development Server binds to external interfaces by default and contains an OS command injection endpoint, allowing unauthenticated network attackers to execute arbitrary code.

Command Injection Microsoft React Native Community Cli +2
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +16
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

CVE-2025-59489 is a security vulnerability (CVSS 7.4) that allows argument injection that can result. Risk factors: public PoC available.

Code Injection Editor Android +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

Privilege Escalation OpenSSL Ubuntu +2
NVD
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file system including the Traccar configuration file. Versions 5.8 - 6.0 are only vulnerable if <entry key='web.override'>./override</entry> is set in the configuration file. Versions 6.1 - 6.8.1 are vulnerable by default as the web override is enabled by default. The vulnerable code is removed in version 6.9.0.

Path Traversal Windows
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

SQLi Path Traversal File Upload +1
NVD
Prev Page 6 of 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy