Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (23201 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49668 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49669 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49673 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49675 1 Microsoft 27 Windows, Windows 10, Windows 10 1507 and 24 more 2026-02-26 7.8 High
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49678 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-26 7 High
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2025-49682 1 Microsoft 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more 2026-02-26 7.3 High
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-49685 1 Microsoft 13 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 10 more 2026-02-26 7 High
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49697 1 Microsoft 10 365 Apps, Office, Office 2016 and 7 more 2026-02-26 8.4 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49699 1 Microsoft 14 365 Apps, Office, Office 2019 and 11 more 2026-02-26 7 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49700 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-02-26 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49703 1 Microsoft 13 365 Apps, Office, Office 2019 and 10 more 2026-02-26 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49706 1 Microsoft 4 Sharepoint Enterprise Server, Sharepoint Server, Sharepoint Server 2016 and 1 more 2026-02-26 6.5 Medium
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49714 1 Microsoft 2 Python, Visual Studio Code 2026-02-26 7.8 High
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.
CVE-2025-47827 2 Igel, Microsoft 16 Igel Os, Windows 10 1507, Windows 10 1607 and 13 more 2026-02-26 4.6 Medium
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
CVE-2025-49727 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-26 7 High
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-49729 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-47966 1 Microsoft 2 Power Automate, Power Automate For Desktop 2026-02-26 9.8 Critical
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-49733 1 Microsoft 19 Windows, Windows 10, Windows 10 1809 and 16 more 2026-02-26 7.8 High
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2025-49737 1 Microsoft 2 Teams, Teams For Mac 2026-02-26 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
CVE-2025-49738 1 Microsoft 1 Pc Manager 2026-02-26 7.8 High
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.