CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49762
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Aug 12, 2025
CVE-2025-49761
7.8 HIGH

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Aug 12, 2025
CVE-2025-49759
8.8 HIGH

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Aug 12, 2025
CVE-2025-49758
8.8 HIGH

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Aug 12, 2025
CVE-2025-49757
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Aug 12, 2025
CVE-2025-49712
8.8 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Aug 12, 2025
CVE-2025-49707
7.9 HIGH

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

Aug 12, 2025
CVE-2025-49557
8.7 HIGH

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by …

Aug 12, 2025
CVE-2025-49556
7.5 HIGH

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature …

Aug 12, 2025
CVE-2025-49555
8.1 HIGH

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege …

Aug 12, 2025
CVE-2025-49554
7.5 HIGH

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. …

Aug 12, 2025
CVE-2025-47954
8.8 HIGH

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Aug 12, 2025
CVE-2025-33051
7.5 HIGH

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

Aug 12, 2025
CVE-2025-24999
8.8 HIGH

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Aug 12, 2025
CVE-2025-49564
7.8 HIGH

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Aug 12, 2025
CVE-2025-49563
7.8 HIGH

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Aug 12, 2025
CVE-2025-32086
7.2 HIGH

Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow …

Aug 12, 2025
CVE-2025-26403
7.2 HIGH

Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to …

Aug 12, 2025
CVE-2025-25273
7.8 HIGH

Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially …

Aug 12, 2025
CVE-2025-24486
7.8 HIGH

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable …

Aug 12, 2025
CVE-2025-24484
7.8 HIGH

Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable …

Aug 12, 2025
CVE-2025-24325
8.8 HIGH

Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable …

Aug 12, 2025
CVE-2025-24305
7.2 HIGH

Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable …

Aug 12, 2025
CVE-2025-24303
7.8 HIGH

Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated …

Aug 12, 2025
CVE-2025-23241
7.3 HIGH

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially …

Aug 12, 2025
CVE-2025-22893
7.8 HIGH

Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially …

Aug 12, 2025
CVE-2025-22889
7.9 HIGH

Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable …

Aug 12, 2025
CVE-2025-22840
7.4 HIGH

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of …

Aug 12, 2025
CVE-2025-22839
7.5 HIGH

Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of …

Aug 12, 2025
CVE-2025-22836
7.8 HIGH

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially …

Aug 12, 2025
CVE-2025-21086
7.5 HIGH

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable …

Aug 12, 2025
CVE-2025-20625
7.4 HIGH

Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service …

Aug 12, 2025
CVE-2025-20109
7.8 HIGH

Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via …

Aug 12, 2025
CVE-2025-20093
8.2 HIGH

Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated …

Aug 12, 2025
CVE-2025-20074
7.8 HIGH

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of …

Aug 12, 2025
CVE-2025-20053
7.2 HIGH

Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local …

Aug 12, 2025
CVE-2025-20037
7.2 HIGH

Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege …

Aug 12, 2025
CVE-2025-54864
7.5 HIGH

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP …

Aug 12, 2025
CVE-2025-38500
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can …

Aug 12, 2025
CVE-2025-8297
7.2 HIGH

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution

Aug 12, 2025
CVE-2025-8296
7.2 HIGH

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this …

Aug 12, 2025
CVE-2025-5462
7.5 HIGH

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons …

Aug 12, 2025
CVE-2025-5456
7.5 HIGH

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons …

Aug 12, 2025
CVE-2025-3831
8.1 HIGH

Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.

Aug 12, 2025
CVE-2025-40770
7.4 HIGH

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a …

Aug 12, 2025
CVE-2025-40769
7.4 HIGH

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe …

Aug 12, 2025
CVE-2025-40768
7.3 HIGH

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible …

Aug 12, 2025
CVE-2025-40767
7.8 HIGH

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to …

Aug 12, 2025
CVE-2025-40764
7.8 HIGH

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contains an …

Aug 12, 2025
CVE-2025-40762
7.8 HIGH

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an …

Aug 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.