Search

Expected end of text, found '.' (at char 14), (line:1, col:15)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (314238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-37144 2025-10-14 4.9 Medium
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
CVE-2025-37145 2025-10-14 4.9 Medium
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
CVE-2025-50174 2025-10-14 7 High
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-53782 2025-10-14 8.4 High
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-55320 2025-10-14 6.7 Medium
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-55328 2025-10-14 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-55330 2025-10-14 6.1 Medium
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55331 2025-10-14 7 High
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55332 2025-10-14 6.1 Medium
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55679 2025-10-14 5.1 Medium
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
CVE-2025-55685 2025-10-14 7 High
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55686 2025-10-14 7 High
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55688 2025-10-14 7 High
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55691 2025-10-14 7 High
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-58714 2025-10-14 7.8 High
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-58718 2025-10-14 8.8 High
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-58720 2025-10-14 7.8 High
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-58724 2025-10-14 7.8 High
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-58725 2025-10-14 7 High
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.
CVE-2025-58726 2025-10-14 7.5 High
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.