CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-29979
7.8 HIGH

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 13, 2025
CVE-2025-29978
7.8 HIGH

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

May 13, 2025
CVE-2025-29977
7.8 HIGH

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 13, 2025
CVE-2025-29976
7.8 HIGH

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-29975
7.8 HIGH

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-29973
7.0 HIGH

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-29971
7.5 HIGH

Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.

May 13, 2025
CVE-2025-29970
7.8 HIGH

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-29969
7.5 HIGH

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29967
8.8 HIGH

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29966
8.8 HIGH

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29964
8.8 HIGH

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29963
8.8 HIGH

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29962
8.8 HIGH

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29842
7.5 HIGH

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

May 13, 2025
CVE-2025-29841
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-29840
8.8 HIGH

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29838
7.4 HIGH

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-29833
7.7 HIGH

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.

May 13, 2025
CVE-2025-29831
7.5 HIGH

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-29826
7.3 HIGH

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

May 13, 2025
CVE-2025-27468
7.0 HIGH

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-26677
7.5 HIGH

Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

May 13, 2025
CVE-2025-24063
7.8 HIGH

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-21264
7.1 HIGH

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

May 13, 2025
CVE-2025-0035
7.3 HIGH

Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.

May 13, 2025
CVE-2024-36339
7.3 HIGH

A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

May 13, 2025
CVE-2024-36321
7.3 HIGH

Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.

May 13, 2025
CVE-2024-21960
7.3 HIGH

Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code …

May 13, 2025
CVE-2025-4428
7.2 HIGH KEV

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via …

May 13, 2025
CVE-2025-47276
7.5 HIGH

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses …

May 13, 2025
CVE-2025-30207
7.5 HIGH

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in …

May 13, 2025
CVE-2025-28055
7.5 HIGH

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit

May 13, 2025
CVE-2024-48766
8.6 HIGH

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory …

May 13, 2025
CVE-2025-28057
7.2 HIGH

owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order.

May 13, 2025
CVE-2025-22460
7.8 HIGH

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

May 13, 2025
CVE-2024-42446
7.5 HIGH

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability …

May 13, 2025
CVE-2025-32917
8.8 HIGH

Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to …

May 13, 2025
CVE-2025-4648
8.4 HIGH

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can …

May 13, 2025
CVE-2025-4647
8.4 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can …

May 13, 2025
CVE-2025-4646
7.2 HIGH

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

May 13, 2025
CVE-2025-40582
7.8 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration …

May 13, 2025
CVE-2025-40581
7.1 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication …

May 13, 2025
CVE-2025-40574
7.8 HIGH

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This …

May 13, 2025
CVE-2025-40566
8.8 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update …

May 13, 2025
CVE-2025-32454
7.8 HIGH

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions …

May 13, 2025
CVE-2025-31930
8.8 HIGH

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions …

May 13, 2025
CVE-2025-30176
7.5 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA …

May 13, 2025
CVE-2025-30175
7.5 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA …

May 13, 2025
CVE-2025-30174
7.5 HIGH

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA …

May 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.