CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-54910
8.4 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54908
7.8 HIGH

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54907
7.8 HIGH

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54906
7.8 HIGH

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54905
7.1 HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Sep 9, 2025
CVE-2025-54904
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54903
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54902
7.8 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54900
7.8 HIGH

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54899
7.8 HIGH

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54898
7.8 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54897
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Sep 9, 2025
CVE-2025-54896
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54895
7.8 HIGH

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54894
7.8 HIGH

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Sep 9, 2025
CVE-2025-54709
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through …

Sep 9, 2025
CVE-2025-54248
7.7 HIGH

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged …

Sep 9, 2025
CVE-2025-54116
7.3 HIGH

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54115
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54114
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54113
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Sep 9, 2025
CVE-2025-54112
7.0 HIGH

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54111
7.8 HIGH

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54110
8.8 HIGH

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54108
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54106
8.8 HIGH

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Sep 9, 2025
CVE-2025-54105
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54103
7.4 HIGH

Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54102
7.8 HIGH

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54099
7.0 HIGH

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54098
7.8 HIGH

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54093
7.0 HIGH

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54092
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54091
7.8 HIGH

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-53807
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-53805
7.5 HIGH

Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.

Sep 9, 2025
CVE-2025-53802
7.0 HIGH

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-53801
7.8 HIGH

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-53800
7.8 HIGH

No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-53303
8.8 HIGH

Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core thememove-core allows Object Injection.This issue affects ThemeMove Core: from n/a through <= 1.4.2.

Sep 9, 2025
CVE-2025-49734
7.0 HIGH

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-49692
7.8 HIGH

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-49430
7.2 HIGH

Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery.This issue affects Ultimate Video Player: from n/a through <= …

Sep 9, 2025
CVE-2025-48101
8.8 HIGH

Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1.

Sep 9, 2025
CVE-2025-47695
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer …

Sep 9, 2025
CVE-2025-47694
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through …

Sep 9, 2025
CVE-2025-47571
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File …

Sep 9, 2025
CVE-2025-47570
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews.This issue affects WooCommerce Photo Reviews: from n/a through …

Sep 9, 2025
CVE-2025-32689
7.5 HIGH

Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through <= 2.8.2.

Sep 9, 2025
CVE-2025-9872
8.8 HIGH

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. …

Sep 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.