Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1486 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1642 1 Microsoft 1 Office 2025-10-22 7.8 High
Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2015-1641 1 Microsoft 6 Office, Office Compatibility Pack, Office Web Apps and 3 more 2025-10-22 7.8 High
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2015-1187 2 Dlink, Trendnet 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more 2025-10-22 9.8 Critical
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
CVE-2014-8361 3 Aterm, Dlink, Realtek 51 W1200ex, W1200ex-ms, W1200ex-ms Firmware and 48 more 2025-10-22 9.8 Critical
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
CVE-2014-3931 1 Multi-router Looking Glass Project 1 Multi-router Looking Glass 2025-10-22 9.8 Critical
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.
CVE-2010-5326 1 Sap 1 Netweaver Application Server Java 2025-10-22 10 Critical
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.