37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an …
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a …
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an …
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …
A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The …
A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The …
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote …
A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.
Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) …
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to …
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated …
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated …
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution
node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability …
Free website and port scanning — find vulnerabilities before attackers do.