Total
2675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23006 | 1 Sonicwall | 15 Sma6200, Sma6200 Firmware, Sma6210 and 12 more | 2025-10-31 | N/A | 9.8 CRITICAL |
| Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2022-35405 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-10-31 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.) | |||||
| CVE-2023-43208 | 1 Nextgen | 1 Mirth Connect | 2025-10-31 | N/A | 9.8 CRITICAL |
| NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | |||||
| CVE-2024-40711 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-10-30 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | |||||
| CVE-2025-53690 | 1 Sitecore | 4 Experience Commerce, Experience Manager, Experience Platform and 1 more | 2025-10-30 | N/A | 9.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0. | |||||
| CVE-2021-26857 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-41082 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2025-0994 | 1 Trimble | 1 Cityworks | 2025-10-30 | N/A | 8.8 HIGH |
| Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. | |||||
| CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2025-10-29 | 6.0 MEDIUM | 8.4 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2025-5086 | 1 3ds | 1 Delmia Apriso | 2025-10-29 | N/A | 9.0 CRITICAL |
| A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. | |||||
| CVE-2025-59237 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2024-38094 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 7.2 HIGH |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||
| CVE-2018-0824 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 10 more | 2025-10-28 | 5.1 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2019-15271 | 1 Cisco | 8 Rv016 Multi-wan Vpn, Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn and 5 more | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges. | |||||
| CVE-2025-59285 | 1 Microsoft | 1 Azure Monitor Agent | 2025-10-27 | N/A | 7.0 HIGH |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53770 | 1 Microsoft | 1 Sharepoint Server | 2025-10-27 | N/A | 9.8 CRITICAL |
| Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | |||||
| CVE-2022-21445 | 1 Oracle | 1 Application Development Framework | 2025-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2555 | 1 Oracle | 9 Access Manager, Coherence, Commerce Platform and 6 more | 2025-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-2628 | 1 Oracle | 1 Weblogic Server | 2025-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2024-20953 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-10-27 | N/A | 8.8 HIGH |
| Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||