CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-26688
7.8 HIGH

Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26687
7.5 HIGH

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.

Apr 8, 2025
CVE-2025-26686
7.5 HIGH

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-26682
7.5 HIGH

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Apr 8, 2025
CVE-2025-26680
7.5 HIGH

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Apr 8, 2025
CVE-2025-26679
7.8 HIGH

Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26678
8.4 HIGH

Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.

Apr 8, 2025
CVE-2025-26675
7.8 HIGH

Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26674
7.8 HIGH

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

Apr 8, 2025
CVE-2025-26673
7.5 HIGH

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Apr 8, 2025
CVE-2025-26671
8.1 HIGH

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-26670
8.1 HIGH

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-26669
8.8 HIGH

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Apr 8, 2025
CVE-2025-26668
7.5 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-26666
7.8 HIGH

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

Apr 8, 2025
CVE-2025-26665
7.0 HIGH

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26663
8.1 HIGH

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-26652
7.5 HIGH

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Apr 8, 2025
CVE-2025-26649
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26648
7.8 HIGH

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26647
8.8 HIGH

Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

Apr 8, 2025
CVE-2025-26642
7.8 HIGH

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Apr 8, 2025
CVE-2025-26641
7.5 HIGH

Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.

Apr 8, 2025
CVE-2025-26640
7.0 HIGH

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26639
7.8 HIGH

Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-26628
7.3 HIGH

Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.

Apr 8, 2025
CVE-2025-24074
7.8 HIGH

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-24073
7.8 HIGH

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-24062
7.8 HIGH

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-24060
7.8 HIGH

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-24058
7.8 HIGH

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-21222
8.8 HIGH

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-21221
8.8 HIGH

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-21205
8.8 HIGH

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Apr 8, 2025
CVE-2025-21204
7.8 HIGH

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-21191
7.0 HIGH

Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

Apr 8, 2025
CVE-2025-21174
7.5 HIGH

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Apr 8, 2025
CVE-2025-32117
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Widgetize Pages Light: …

Apr 8, 2025
CVE-2025-27083
7.2 HIGH

Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker …

Apr 8, 2025
CVE-2025-27082
7.2 HIGH

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow …

Apr 8, 2025
CVE-2025-25227
7.5 HIGH

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Apr 8, 2025
CVE-2025-3289
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation …

Apr 8, 2025
CVE-2025-3288
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory …

Apr 8, 2025
CVE-2025-3287
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation …

Apr 8, 2025
CVE-2025-3286
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory …

Apr 8, 2025
CVE-2025-3285
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory …

Apr 8, 2025
CVE-2025-32018
8.0 HIGH

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of …

Apr 8, 2025
CVE-2025-32017
8.8 HIGH

Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that …

Apr 8, 2025
CVE-2025-2829
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory …

Apr 8, 2025
CVE-2025-2293
7.8 HIGH

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory …

Apr 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.