CVE Database

37788+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-21373
7.8 HIGH

Windows Installer Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-21371
8.8 HIGH

Windows Telephony Service Remote Code Execution Vulnerability

Feb 11, 2025
CVE-2025-21369
8.8 HIGH

Microsoft Digest Authentication Remote Code Execution Vulnerability

Feb 11, 2025
CVE-2025-21368
8.8 HIGH

Microsoft Digest Authentication Remote Code Execution Vulnerability

Feb 11, 2025
CVE-2025-21367
7.8 HIGH

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-21359
7.8 HIGH

Windows Kernel Security Feature Bypass Vulnerability

Feb 11, 2025
CVE-2025-21358
7.8 HIGH

Windows Core Messaging Elevation of Privileges Vulnerability

Feb 11, 2025
CVE-2025-21351
7.5 HIGH

Windows Active Directory Domain Services API Denial of Service Vulnerability

Feb 11, 2025
CVE-2025-21322
7.8 HIGH

Microsoft PC Manager Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-21208
8.8 HIGH

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Feb 11, 2025
CVE-2025-21206
7.3 HIGH

Visual Studio Installer Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-21201
8.8 HIGH

Windows Telephony Server Remote Code Execution Vulnerability

Feb 11, 2025
CVE-2025-21200
8.8 HIGH

Windows Telephony Service Remote Code Execution Vulnerability

Feb 11, 2025
CVE-2025-21194
7.1 HIGH

Microsoft Surface Security Feature Bypass Vulnerability

Feb 11, 2025
CVE-2025-21190
8.8 HIGH

Windows Telephony Service Remote Code Execution Vulnerability

Feb 11, 2025
CVE-2025-21184
7.0 HIGH

Windows Core Messaging Elevation of Privileges Vulnerability

Feb 11, 2025
CVE-2025-21183
7.4 HIGH

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-21182
7.4 HIGH

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-21181
7.5 HIGH

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Feb 11, 2025
CVE-2025-21163
7.8 HIGH

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Feb 11, 2025
CVE-2025-21161
7.8 HIGH

Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Feb 11, 2025
CVE-2025-21160
7.8 HIGH

Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the …

Feb 11, 2025
CVE-2025-21159
7.8 HIGH

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of …

Feb 11, 2025
CVE-2025-21156
7.8 HIGH

InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the …

Feb 11, 2025
CVE-2025-24472
8.1 HIGH KEV

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may …

Feb 11, 2025
CVE-2025-24470
8.6 HIGH

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker …

Feb 11, 2025
CVE-2025-22399
7.9 HIGH

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this …

Feb 11, 2025
CVE-2025-21158
7.8 HIGH

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in …

Feb 11, 2025
CVE-2025-21157
7.8 HIGH

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Feb 11, 2025
CVE-2025-21123
7.8 HIGH

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Feb 11, 2025
CVE-2025-21121
7.8 HIGH

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Feb 11, 2025
CVE-2024-50567
7.2 HIGH

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized …

Feb 11, 2025
CVE-2024-40591
8.8 HIGH

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose …

Feb 11, 2025
CVE-2024-40584
7.2 HIGH

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through …

Feb 11, 2025
CVE-2024-35279
8.1 HIGH

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute …

Feb 11, 2025
CVE-2024-27781
7.1 HIGH

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through …

Feb 11, 2025
CVE-2024-12756
7.3 HIGH

An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.

Feb 11, 2025
CVE-2024-12755
7.9 HIGH

A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.

Feb 11, 2025
CVE-2025-24900
8.6 HIGH

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of …

Feb 11, 2025
CVE-2025-24897
8.2 HIGH

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection …

Feb 11, 2025
CVE-2025-24896
8.1 HIGH

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored …

Feb 11, 2025
CVE-2025-24807
7.1 HIGH

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, …

Feb 11, 2025
CVE-2024-13813
7.1 HIGH

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

Feb 11, 2025
CVE-2024-33659
8.8 HIGH

AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities …

Feb 11, 2025
CVE-2025-26492
7.7 HIGH

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

Feb 11, 2025
CVE-2025-24811
7.5 HIGH

A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC …

Feb 11, 2025
CVE-2025-24499
7.2 HIGH

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All …

Feb 11, 2025
CVE-2025-23403
7.0 HIGH

A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user …

Feb 11, 2025
CVE-2025-23363
7.4 HIGH

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < …

Feb 11, 2025
CVE-2024-54089
7.5 HIGH

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). …

Feb 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.