Search

Expected end of text, found '.' (at char 20), (line:1, col:21)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (309164 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-42944 1 Sap 2 Netweaver, Sap Netweaver 2025-09-10 10 Critical
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
CVE-2025-55245 2025-09-10 7.8 High
Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.
CVE-2025-54898 2025-09-10 7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54902 2025-09-10 7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54896 2025-09-10 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54900 2025-09-10 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54908 2025-09-10 7.8 High
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-54897 2025-09-10 8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-54092 2025-09-10 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-54098 2025-09-10 7.8 High
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-54115 2025-09-10 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-54904 2025-09-10 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54899 2025-09-10 7.8 High
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54906 2025-09-10 7.8 High
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-54910 2025-09-10 8.4 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53800 2025-09-10 7.8 High
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-53802 2025-09-10 7 High
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-54102 2025-09-10 7.8 High
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2025-53808 2025-09-10 6.7 Medium
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-54109 2025-09-10 6.7 Medium
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.