| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54253 | | | 0.14 | — | 0.90 | KEV | Aug 5, 2025 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not… |
| CVE-2025-54948 | | | 0.13 | — | 0.20 | KEV | Aug 5, 2025 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. |
| CVE-2025-6205 | | | 0.19 | — | 0.69 | KEV | Aug 4, 2025 | A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application. |
| CVE-2025-6204 | | | 0.13 | — | 0.75 | KEV | Aug 4, 2025 | An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. |
| CVE-2025-31277 | | Hig | 0.69 | 8.8 | 0.01 | KEV | Jul 30, 2025 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. |
| CVE-2025-38352 | | | 0.12 | — | 0.01 | KEV | Jul 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can… |
| CVE-2025-53770 | | | 0.28 | — | 1.00 | KEV | Jul 20, 2025 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update… |
| CVE-2025-54313 | | — | 0.05 | — | 0.04 | KEV | Jul 19, 2025 | eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. |
| CVE-2025-54309 | | | 0.18 | — | 0.92 | KEV | Jul 18, 2025 | CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. |
| CVE-2025-54068 | | | 0.13 | — | 0.95 | KEV | Jul 17, 2025 | Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This… |
| CVE-2025-25257 | | | 0.17 | — | 0.97 | KEV | Jul 17, 2025 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an… |
| CVE-2025-20337 | | | 0.12 | — | 0.65 | KEV | Jul 16, 2025 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This… |
| CVE-2025-6558 | | | 0.12 | — | 0.09 | KEV | Jul 15, 2025 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-47813 | | | 0.14 | — | 0.56 | KEV | Jul 10, 2025 | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. |
| CVE-2025-47812 | | | 0.22 | — | 0.95 | KEV | Jul 10, 2025 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by… |
| CVE-2025-48384 | | | 0.12 | — | 0.03 | KEV | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config… |
| CVE-2025-49706 | | | 0.27 | — | 1.00 | KEV | Jul 8, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-49704 | | | 0.26 | — | 1.00 | KEV | Jul 8, 2025 | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2025-6554 | | | 0.12 | — | 0.07 | KEV | Jun 30, 2025 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-32463 | | | 0.20 | — | 0.47 | KEV | Jun 30, 2025 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. |
| CVE-2025-20281 | | | 0.15 | — | 0.97 | KEV | Jun 25, 2025 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This… |
| CVE-2025-6543 | | | 0.12 | — | 0.10 | KEV | Jun 25, 2025 | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
| CVE-2025-32975 | | Cri | 0.80 | 10.0 | 0.02 | KEV | Jun 24, 2025 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate… |
| CVE-2025-48700 | | Med | 0.46 | 6.1 | 0.02 | KEV | Jun 23, 2025 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to… |
| CVE-2025-6218 | | | 0.12 | — | 0.86 | KEV | Jun 21, 2025 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a… |
| CVE-2025-5777 | | | 0.26 | — | 1.00 | KEV | Jun 17, 2025 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
| CVE-2025-43200 | | Med | 0.39 | 4.2 | 0.01 | KEV | Jun 16, 2025 | This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A… |
| CVE-2025-33073 | | | 0.19 | — | 0.64 | KEV | Jun 10, 2025 | Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-33053 | | | 0.19 | — | 0.82 | KEV | Jun 10, 2025 | External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. |
| CVE-2025-47827 | | | 0.12 | — | 0.04 | KEV | Jun 5, 2025 | In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. |
| CVE-2025-21479 | | — | 0.12 | — | 0.01 | KEV | Jun 3, 2025 | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
| CVE-2025-27038 | | — | 0.12 | — | 0.01 | KEV | Jun 3, 2025 | Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. |
| CVE-2025-21480 | | — | 0.12 | — | 0.00 | KEV | Jun 3, 2025 | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
| CVE-2025-5419 | | | 0.12 | — | 0.06 | KEV | Jun 2, 2025 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-5086 | | | 0.15 | — | 0.89 | KEV | Jun 2, 2025 | A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. |
| CVE-2025-49113 | | | 0.15 | — | 0.89 | KEV | Jun 2, 2025 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. |
| CVE-2025-48927 | | | 0.13 | — | 0.08 | KEV | May 28, 2025 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. |
| CVE-2025-48928 | | | 0.13 | — | 0.00 | KEV | May 28, 2025 | The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025. |
| CVE-2025-34026 | | | 0.18 | — | 0.83 | KEV | May 21, 2025 | The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace… |
| CVE-2025-4008 | | | 0.16 | — | 0.95 | KEV | May 21, 2025 | The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command… |
| CVE-2025-30397 | | | 0.17 | — | 0.22 | KEV | May 13, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. |
| CVE-2025-32709 | | | 0.12 | — | 0.02 | KEV | May 13, 2025 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32706 | | | 0.12 | — | 0.02 | KEV | May 13, 2025 | Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32701 | | | 0.12 | — | 0.01 | KEV | May 13, 2025 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-30400 | | | 0.12 | — | 0.02 | KEV | May 13, 2025 | Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. |
| CVE-2025-4428 | | | 0.18 | — | 0.88 | KEV | May 13, 2025 | Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. |
| CVE-2025-4427 | | | 0.22 | — | 1.00 | KEV | May 13, 2025 | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. |
| CVE-2025-32756 | | | 0.14 | — | 0.31 | KEV | May 13, 2025 | A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail… |
| CVE-2025-4632 | | | 0.15 | — | 0.24 | KEV | May 13, 2025 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. |
| CVE-2025-42999 | | | 0.15 | — | 0.11 | KEV | May 13, 2025 | SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. |