Total
33063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0034 | 1 Microsoft | 1 Silverlight | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability." | |||||
| CVE-2015-7645 | 7 Adobe, Apple, Linux and 4 more | 13 Flash Player, Mac Os X, Linux Kernel and 10 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015. | |||||
| CVE-2015-6175 | 1 Microsoft | 1 Windows 10 1507 | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability." | |||||
| CVE-2015-4902 | 4 Opensuse, Oracle, Redhat and 1 more | 21 Leap, Opensuse, Jdk and 18 more | 2025-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. | |||||
| CVE-2015-4495 | 6 Canonical, Mozilla, Opensuse and 3 more | 15 Ubuntu Linux, Firefox, Firefox Os and 12 more | 2025-10-22 | 4.3 MEDIUM | 8.8 HIGH |
| The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | |||||
| CVE-2015-2590 | 6 Canonical, Debian, Opensuse and 3 more | 21 Ubuntu Linux, Debian Linux, Opensuse and 18 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. | |||||
| CVE-2015-2545 | 1 Microsoft | 1 Office | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." | |||||
| CVE-2015-1701 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2015-1671 | 1 Microsoft | 11 .net Framework, Live Meeting, Lync and 8 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
| The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | |||||
| CVE-2014-8361 | 3 Aterm, Dlink, Realtek | 51 W1200ex, W1200ex-ms, W1200ex-ms Firmware and 48 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | |||||
| CVE-2010-5326 | 1 Sap | 1 Netweaver Application Server Java | 2025-10-22 | 10.0 HIGH | 10.0 CRITICAL |
| The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. | |||||
| CVE-2025-3928 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-10-21 | N/A | 8.8 HIGH |
| Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. | |||||
| CVE-2025-32706 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-21 | N/A | 7.8 HIGH |
| Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-26633 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-21 | N/A | 7.0 HIGH |
| Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2025-10-21 | N/A | 8.2 HIGH |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. | |||||
| CVE-2025-21418 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-10-21 | N/A | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||
| CVE-2025-21391 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-21 | N/A | 7.1 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||
| CVE-2025-21333 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-10-21 | N/A | 7.8 HIGH |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | |||||
| CVE-2025-0411 | 1 7-zip | 1 7-zip | 2025-10-21 | N/A | 7.0 HIGH |
| 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456. | |||||
| CVE-2024-9537 | 1 Sciencelogic | 1 Sl1 | 2025-10-21 | N/A | 9.8 CRITICAL |
| ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. | |||||