Total
34738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43451 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | N/A | 6.5 MEDIUM |
| NTLM Hash Disclosure Spoofing Vulnerability | |||||
| CVE-2024-49039 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 8.8 HIGH |
| Windows Task Scheduler Elevation of Privilege Vulnerability | |||||
| CVE-2024-49138 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2018-8440 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 7 more | 2025-10-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8453 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 12 more | 2025-10-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8581 | 1 Microsoft | 1 Exchange Server | 2025-10-28 | 5.8 MEDIUM | 7.4 HIGH |
| An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2023-36563 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 6.5 MEDIUM |
| Microsoft WordPad Information Disclosure Vulnerability | |||||
| CVE-2023-36584 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2025-10-28 | N/A | 5.4 MEDIUM |
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||
| CVE-2023-36761 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-10-28 | N/A | 6.5 MEDIUM |
| Microsoft Word Information Disclosure Vulnerability | |||||
| CVE-2023-36874 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-38180 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, Asp.net Core and 1 more | 2025-10-28 | N/A | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-29357 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 9.8 CRITICAL |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-10-28 | N/A | 8.4 HIGH |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-32046 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows MSHTML Platform Elevation of Privilege Vulnerability | |||||
| CVE-2023-32049 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-10-28 | N/A | 8.8 HIGH |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||
| CVE-2023-36025 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 8.8 HIGH |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||
| CVE-2022-20821 | 1 Cisco | 28 8201, 8202, 8208 and 25 more | 2025-10-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. | |||||
| CVE-2019-1653 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2025-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. | |||||
| CVE-2020-3259 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2018-8589 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-10-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | |||||