Search

Expected end of text, found '.' (at char 11), (line:1, col:12)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (309322 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-54907 2025-09-11 7.8 High
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-54917 2025-09-11 4.3 Medium
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-54918 2025-09-11 8.8 High
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-54919 2025-09-11 7.5 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-55236 2025-09-11 7.3 High
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
CVE-2025-43781 1 Liferay 2 Dxp, Portal 2025-09-11 N/A
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar portlet
CVE-2025-58975 1 Wordpress 1 Wordpress 2025-09-11 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.
CVE-2025-58978 2 Wordpress, Wpswings 2 Wordpress, Pdf Generator For Wordpress 2025-09-11 5.3 Medium
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
CVE-2025-55049 1 Baicells 1 Neutrino 430 2025-09-11 9.1 Critical
Use of Default Cryptographic Key (CWE-1394)
CVE-2025-58984 2 Welcart, Wordpress 2 E-commerce, Wordpress 2025-09-11 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.
CVE-2025-55050 2025-09-11 9.8 Critical
CWE-1242: Inclusion of Undocumented Features
CVE-2025-55052 2025-09-11 4.3 Medium
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-54107 2025-09-11 4.3 Medium
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-54112 2025-09-11 7 High
Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
CVE-2025-54113 2025-09-11 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-54256 2025-09-11 8.6 High
Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must click on a malicious link, and scope is changed.
CVE-2025-54901 2025-09-11 5.5 Medium
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-54912 2025-09-11 7.8 High
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
CVE-2025-55051 2025-09-11 10 Critical
CWE-1392: Use of Default Credentials
CVE-2025-55048 2025-09-11 9.8 Critical
Multiple CWE-78