CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-62563
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62562
7.8 HIGH

Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62561
7.8 HIGH

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62560
7.8 HIGH

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62559
7.8 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62558
7.8 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62557
8.4 HIGH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62556
7.8 HIGH

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62555
7.0 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62554
8.4 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62553
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62552
7.8 HIGH

Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-62550
8.8 HIGH

Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.

Dec 9, 2025
CVE-2025-62549
8.8 HIGH

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Dec 9, 2025
CVE-2025-62474
7.8 HIGH

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62472
7.8 HIGH

Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62470
7.8 HIGH

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62469
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62467
7.8 HIGH

Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62466
7.8 HIGH

Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62464
7.8 HIGH

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62462
7.8 HIGH

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62461
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62458
7.8 HIGH

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62457
7.8 HIGH

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62456
8.8 HIGH

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

Dec 9, 2025
CVE-2025-62455
7.8 HIGH

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62454
7.8 HIGH

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62221
7.8 HIGH KEV

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-61258
7.5 HIGH

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates …

Dec 9, 2025
CVE-2025-60024
8.8 HIGH

Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 …

Dec 9, 2025
CVE-2025-59517
7.8 HIGH

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-59516
7.8 HIGH

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-55233
7.8 HIGH

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-54100
7.8 HIGH

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-53949
7.2 HIGH

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 …

Dec 9, 2025
CVE-2025-53679
7.2 HIGH

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 …

Dec 9, 2025
CVE-2025-46637
7.3 HIGH

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this …

Dec 9, 2025
CVE-2025-34396
7.3 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 9, 2025
CVE-2025-33214
8.8 HIGH

NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability …

Dec 9, 2025
CVE-2025-33213
8.8 HIGH

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this …

Dec 9, 2025
CVE-2025-56704
8.8 HIGH

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can …

Dec 9, 2025
CVE-2025-12946
7.5 HIGH

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using …

Dec 9, 2025
CVE-2025-12945
7.2 HIGH

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through …

Dec 9, 2025
CVE-2025-67534
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.

Dec 9, 2025
CVE-2025-67533
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: …

Dec 9, 2025
CVE-2025-67532
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67531
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Turitor turitor allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67530
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67529
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP Fashion fashion2 allows PHP Local File Inclusion.This issue …

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.