37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Widgetize Pages Light: …
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker …
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow …
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation …
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory …
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation …
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory …
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory …
Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of …
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that …
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory …
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory …
Free website and port scanning — find vulnerabilities before attackers do.