Critical
CVE-2025-2747
Kentico · Xperience CMS
Added Oct 20, 2025
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
Critical
CVE-2025-33073
Microsoft · Windows
Added Oct 20, 2025
Microsoft Windows SMB Client Improper Access Control Vulnerability
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.
Critical
CVE-2025-61884
Oracle · E-Business Suite
Added Oct 20, 2025
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
Critical
CVE-2025-54253
Adobe · Experience Manager (AEM) Forms
Added Oct 15, 2025
Adobe Experience Manager Forms Code Execution Vulnerability
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
Critical
CVE-2025-47827
IGEL · IGEL OS
Added Oct 14, 2025
IGEL OS Use of a Key Past its Expiration Date Vulnerability
IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Critical
CVE-2025-24990
Microsoft · Windows
Added Oct 14, 2025
Microsoft Windows Untrusted Pointer Dereference Vulnerability
Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.
Critical
CVE-2025-59230
Microsoft · Windows
Added Oct 14, 2025
Microsoft Windows Improper Access Control Vulnerability
Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.
Critical
CVE-2016-7836
SKYSEA · Client View
Added Oct 14, 2025
SKYSEA Client View Improper Authentication Vulnerability
SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
Critical
CVE-2021-43798
Grafana Labs · Grafana
Added Oct 9, 2025
Grafana Path Traversal Vulnerability
Grafana contains a path traversal vulnerability that could allow access to local files.
Critical
CVE-2025-27915
Synacor · Zimbra Collaboration Suite (ZCS)
Added Oct 7, 2025
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.
Critical
CVE-2021-22555
Linux · Kernel
Added Oct 6, 2025
Linux Kernel Heap Out-of-Bounds Write Vulnerability
Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
Critical
CVE-2010-3962
Microsoft · Internet Explorer
Added Oct 6, 2025
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Critical
CVE-2021-43226
Microsoft · Windows
Added Oct 6, 2025
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
Critical
CVE-2013-3918
Microsoft · Windows
Added Oct 6, 2025
Microsoft Windows Out-of-Bounds Write Vulnerability
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Critical
CVE-2011-3402
Microsoft · Windows
Added Oct 6, 2025
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.
Critical
CVE-2010-3765
Mozilla · Multiple Products
Added Oct 6, 2025
Mozilla Multiple Products Remote Code Execution Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.
Critical
CVE-2025-61882
Oracle · E-Business Suite
Added Oct 6, 2025
Oracle E-Business Suite Unspecified Vulnerability
Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.
Critical
CVE-2025-4008
Smartbedded · Meteobridge
Added Oct 2, 2025
Smartbedded Meteobridge Command Injection Vulnerability
Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.
Critical
CVE-2025-21043
Samsung · Mobile Devices
Added Oct 2, 2025
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.
Critical
CVE-2017-1000353
Jenkins · Jenkins
Added Oct 2, 2025
Jenkins Remote Code Execution Vulnerability
Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.
Critical
CVE-2015-7755
Juniper · ScreenOS
Added Oct 2, 2025
Juniper ScreenOS Improper Authentication Vulnerability
Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.
Critical
CVE-2014-6278
GNU · GNU Bash
Added Oct 2, 2025
GNU Bash OS Command Injection Vulnerability
GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.
Critical
CVE-2021-21311
Adminer · Adminer
Added Sep 29, 2025
Adminer Server-Side Request Forgery Vulnerability
Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.
Critical
CVE-2025-20352
Cisco · IOS and IOS XE
Added Sep 29, 2025
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.
Critical
CVE-2025-59689
Libraesva · Email Security Gateway
Added Sep 29, 2025
Libraesva Email Security Gateway Command Injection Vulnerability
Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment.
