CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-54283
7.8 HIGH

Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Oct 14, 2025
CVE-2025-54282
7.8 HIGH

Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Oct 14, 2025
CVE-2025-54281
7.8 HIGH

Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Oct 14, 2025
CVE-2025-54276
7.8 HIGH

Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read …

Oct 14, 2025
CVE-2025-54280
7.8 HIGH

Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Oct 14, 2025
CVE-2025-54274
7.8 HIGH

Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Oct 14, 2025
CVE-2025-54273
7.8 HIGH

Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Oct 14, 2025
CVE-2025-33182
7.6 HIGH

NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A …

Oct 14, 2025
CVE-2025-8459
7.7 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This …

Oct 14, 2025
CVE-2025-60536
7.5 HIGH

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a …

Oct 14, 2025
CVE-2025-57618
7.3 HIGH

A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is …

Oct 14, 2025
CVE-2025-23356
8.4 HIGH

NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation …

Oct 14, 2025
CVE-2025-11736
7.3 HIGH

A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation …

Oct 14, 2025
CVE-2025-60535
7.3 HIGH

A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.

Oct 14, 2025
CVE-2025-59502
7.5 HIGH

Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.

Oct 14, 2025
CVE-2025-59497
7.0 HIGH

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.

Oct 14, 2025
CVE-2025-59494
7.8 HIGH

Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59295
8.8 HIGH

Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.

Oct 14, 2025
CVE-2025-59292
8.2 HIGH

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59291
8.2 HIGH

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59290
7.8 HIGH

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59289
7.0 HIGH

Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59285
7.0 HIGH

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59282
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59281
7.8 HIGH

Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59278
7.8 HIGH

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59277
7.8 HIGH

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59275
7.8 HIGH

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59261
7.0 HIGH

Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59255
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59254
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59250
8.1 HIGH

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

Oct 14, 2025
CVE-2025-59249
8.8 HIGH

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Oct 14, 2025
CVE-2025-59248
7.5 HIGH

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Oct 14, 2025
CVE-2025-59243
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59242
7.8 HIGH

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59241
7.8 HIGH

Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59238
7.8 HIGH

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59237
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Oct 14, 2025
CVE-2025-59236
8.4 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59235
7.1 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Oct 14, 2025
CVE-2025-59234
7.8 HIGH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59233
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59232
7.1 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Oct 14, 2025
CVE-2025-59231
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59230
7.8 HIGH KEV

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-59228
8.8 HIGH

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Oct 14, 2025
CVE-2025-59227
7.8 HIGH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59226
7.8 HIGH

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

Oct 14, 2025
CVE-2025-59225
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Oct 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.