Search

Expected end of text, found '.' (at char 13), (line:1, col:14)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (314400 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59226 2025-10-15 7.8 High
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-59238 2025-10-15 7.8 High
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-59228 2025-10-15 8.8 High
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59237 2025-10-15 8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59222 2025-10-15 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59221 2025-10-15 7 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-25004 2025-10-15 7.3 High
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-58718 2025-10-15 8.8 High
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-58737 2025-10-15 7 High
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
CVE-2025-59206 2025-10-15 7.4 High
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-59287 2025-10-15 9.8 Critical
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-59213 2025-10-15 8.4 High
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59196 2025-10-15 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59285 2025-10-15 7 High
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59494 2025-10-15 7.8 High
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-58726 2025-10-15 7.5 High
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-58724 2025-10-15 7.8 High
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59295 2025-10-15 8.8 High
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
CVE-2025-53717 2025-10-15 7 High
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-54253 1 Adobe 2 Experience Manager, Experience Manager Forms 2025-10-15 10 Critical
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.