CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49661
7.8 HIGH

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49660
7.8 HIGH

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49659
7.8 HIGH

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-49657
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-48824
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-48822
8.6 HIGH

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Jul 8, 2025
CVE-2025-48821
7.1 HIGH

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Jul 8, 2025
CVE-2025-48820
7.8 HIGH

Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-48819
7.1 HIGH

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an …

Jul 8, 2025
CVE-2025-48817
8.8 HIGH

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-48816
7.8 HIGH

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-48815
7.8 HIGH

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-48814
7.5 HIGH

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Jul 8, 2025
CVE-2025-48806
7.8 HIGH

Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Jul 8, 2025
CVE-2025-48805
7.8 HIGH

Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Jul 8, 2025
CVE-2025-48799
7.8 HIGH

Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-48000
7.8 HIGH

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47998
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-47996
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47994
7.8 HIGH

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47993
7.8 HIGH

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47991
7.8 HIGH

Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47988
7.5 HIGH

Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.

Jul 8, 2025
CVE-2025-47987
7.8 HIGH

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47986
8.8 HIGH

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47985
7.8 HIGH

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47984
7.5 HIGH

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Jul 8, 2025
CVE-2025-47982
7.8 HIGH

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47976
7.8 HIGH

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47975
7.0 HIGH

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47973
7.8 HIGH

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47972
8.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a …

Jul 8, 2025
CVE-2025-47971
7.8 HIGH

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-47178
8.0 HIGH

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an …

Jul 8, 2025
CVE-2025-47159
7.8 HIGH

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Jul 8, 2025
CVE-2025-33054
8.1 HIGH

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

Jul 8, 2025
CVE-2025-21166
7.8 HIGH

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-21165
7.8 HIGH

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-21164
7.8 HIGH

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jul 8, 2025
CVE-2025-7185
7.3 HIGH

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The …

Jul 8, 2025
CVE-2025-7184
7.3 HIGH

A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The …

Jul 8, 2025
CVE-2025-6771
7.2 HIGH

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote …

Jul 8, 2025
CVE-2025-43019
7.8 HIGH

A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.

Jul 8, 2025
CVE-2025-7326
7.0 HIGH

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) …

Jul 8, 2025
CVE-2025-7183
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

Jul 8, 2025
CVE-2025-7037
7.2 HIGH

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to …

Jul 8, 2025
CVE-2025-6996
8.4 HIGH

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated …

Jul 8, 2025
CVE-2025-6995
8.4 HIGH

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated …

Jul 8, 2025
CVE-2025-6770
7.2 HIGH

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution

Jul 8, 2025
CVE-2025-53372
7.5 HIGH

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability …

Jul 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.