Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-41089

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-12 May, 2026 | 16:58
Updated At-15 May, 2026 | 17:12
Rejected At-
Credits

Windows Netlogon Remote Code Execution Vulnerability

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:12 May, 2026 | 16:58
Updated At:15 May, 2026 | 17:12
Rejected At:
â–¼CVE Numbering Authority (CNA)
Windows Netlogon Remote Code Execution Vulnerability

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.26079 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.26079 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.23181 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.23181 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.9140 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.9140 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8755 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8755 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.20348.0 before 10.0.20348.5139 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022, 23H2 Edition (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.25398.0 before 10.0.25398.2330 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2025
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.32860 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2025 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.32860 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089
Resource:
vendor-advisory
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 May, 2026 | 18:17
Updated At:15 May, 2026 | 15:42

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>Versions before 10.0.14393.9140(exclusive)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>Versions before 10.0.17763.8755(exclusive)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>Versions before 10.0.20348.5074(exclusive)
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022_23h2>>Versions before 10.0.25398.2330(exclusive)
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2025>>Versions before 10.0.26100.32772(exclusive)
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Primarysecure@microsoft.com
CWE ID: CWE-121
Type: Primary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1358Records found
CVE-2025-23311
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 78.44%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:33
Updated-12 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-4601
Matching Score-10
Assigner-National Instruments
ShareView Details
Matching Score-10
Assigner-National Instruments
CVSS Score-8.1||HIGH
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 19:15
Updated-13 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in NI System Configuration Software

A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.

Action-Not Available
Vendor-niNIniMicrosoft Corporation
Product-windowssystem_configurationSystem Configurationsystem_configuration
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46223
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-3.25% / 87.27%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalancheavalanche
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23310
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.96%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:18
Updated-12 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-8248
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 83.26%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 15:37
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustrator_ccAdobe Illustrator CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28331
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.89%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 15:55
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-portable_runtimewindowsApache Portable Runtime (APR)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-8211
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 90.09%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7965
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-16.16% / 94.88%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:31
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8236
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.16%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 20:46
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudmacosAdobe Creative Cloud Desktop application
CVE-2019-8215
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 90.09%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8100
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-16.16% / 94.88%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:26
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8024
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-35.34% / 97.10%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:47
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8257
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.81% / 95.20%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 23:12
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8049
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-41.50% / 97.45%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8246
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.71% / 82.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 15:34
Updated-05 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-media_encodermacoswindowsAdobe Media Encoder
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8221
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 90.09%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:26
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8041
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-39.72% / 97.36%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:56
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8161
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.18% / 87.10%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:11
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-8029
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.72%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:49
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7107
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-6.39% / 91.12%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:40
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmac_os_xInDesign
CVE-2019-7131
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.91% / 88.41%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 23:12
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-7088
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 83.24%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:59
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2015-3113
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-92.50% / 99.74%
||
7 Day CHG~0.00%
Published-23 Jun, 2015 | 21:00
Updated-21 Apr, 2026 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Action-Not Available
Vendor-n/aApple Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.HP Inc.Microsoft CorporationAdobe Inc.
Product-evergreenlinux_enterprise_desktopmac_os_xsystem_management_homepagesystems_insight_managerenterprise_linux_desktopinsight_orchestrationversion_control_repository_managerlinux_kernellinux_enterprise_workstation_extensionvirtual_connect_enterprise_managerversion_control_agententerprise_linux_serverenterprise_linux_workstationwindowsflash_playerenterprise_linux_eusopensusen/aFlash Player
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-4640
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 29.97%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 15:15
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-346
Origin Validation Error
CVE-2019-5620
Matching Score-8
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-8
Assigner-Rapid7, Inc.
CVSS Score-9.8||CRITICAL
EPSS-79.33% / 99.09%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 22:15
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Action-Not Available
Vendor-Hitachi Energy Ltd.Microsoft CorporationABB
Product-microscada_pro_sys600windows_7windows_xpMicroSCADA Pro SYS600
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-24989
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-31.62% / 96.85%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 22:18
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-14||Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Microsoft Power Pages Elevation of Privilege Vulnerability

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

Action-Not Available
Vendor-Microsoft Corporation
Product-power_pagesMicrosoft Power PagesPower Pages
CWE ID-CWE-284
Improper Access Control
CVE-2025-23303
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-2.17% / 84.50%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:15
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

Action-Not Available
Vendor-Apple Inc.NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-nemolinux_kernelmacoswindowsNVIDIA NeMo Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-17086
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-23.47% / 96.03%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Raw Image Extension Remote Code Execution Vulnerability

Raw Image Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-raw_image_extensionRaw Image Extension
CVE-2020-17078
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.50% / 91.86%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-01 Oct, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Raw Image Extension Remote Code Execution Vulnerability

Raw Image Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-raw_image_extensionRaw Image Extension
CVE-2025-23317
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-9.1||CRITICAL
EPSS-3.33% / 87.42%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:35
Updated-12 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-29130
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.24% / 93.92%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2008-4835
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-66.73% / 98.56%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_vistawindows_xpwindows_2000windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-0313
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-92.54% / 99.75%
||
7 Day CHG~0.00%
Published-02 Feb, 2015 | 19:00
Updated-21 Apr, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

Action-Not Available
Vendor-n/aApple Inc.openSUSEMicrosoft CorporationAdobe Inc.Linux Kernel Organization, IncSUSE
Product-evergreenlinux_enterprise_desktopmac_os_xwindows_8.1edgelinux_kernellinux_enterprise_workstation_extensionwindows_server_2012internet_explorerwindows_rtwindowsflash_playerwindows_8windows_10_1507windows_rt_8.1opensusen/aFlash Player
CWE ID-CWE-416
Use After Free
CVE-2020-12651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.49% / 92.44%
||
7 Day CHG~0.00%
Published-15 May, 2020 | 17:31
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX.

Action-Not Available
Vendor-vandyken/aLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-iphone_oslinux_kernelwindowsmacossecurecrtn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21307
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.77% / 93.42%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2026-41096
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 22.88%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-15 May, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_25h2windows_server_2025windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_11_23h2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2025Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2015-5119
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-93.21% / 99.81%
||
7 Day CHG+0.06%
Published-08 Jul, 2015 | 14:00
Updated-21 Apr, 2026 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Action-Not Available
Vendor-n/aApple Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Microsoft CorporationAdobe Inc.
Product-evergreenlinux_enterprise_desktopmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_from_rhuiwindowsflash_playerenterprise_linux_server_ausenterprise_linux_euslinux_kernellinux_enterprise_workstation_extensionopensusen/aFlash Player
CWE ID-CWE-416
Use After Free
CVE-2015-3043
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-87.40% / 99.47%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-21 Apr, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

Action-Not Available
Vendor-n/aApple Inc.openSUSELinux Kernel Organization, IncNovellRed Hat, Inc.Microsoft CorporationAdobe Inc.
Product-evergreenmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_from_rhuiwindowsflash_playersuse_linux_enterprise_workstation_extensionenterprise_linux_eusenterprise_linux_server_aussuse_linux_enterprise_desktoplinux_kernelopensusen/aFlash Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28054
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.61% / 81.98%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 13:33
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.

Action-Not Available
Vendor-vandyken/aMicrosoft Corporation
Product-vshellwindowsn/a
CVE-2020-10964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.82% / 88.24%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 21:53
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

Action-Not Available
Vendor-s9yn/aMicrosoft Corporation
Product-windowsserendipityn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2015-1635
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.31% / 99.95%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 20:00
Updated-22 Apr, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-10||Apply updates per vendor instructions.

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_8windows_server_2012n/aHTTP.sys
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-9390
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-77.16% / 98.99%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 01:58
Updated-06 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

Action-Not Available
Vendor-git-scmlibgit2mercurialn/aApple Inc.Microsoft CorporationEclipse Foundation AISBL
Product-jgitmac_os_xegitxcodewindowsmercuriallibgit2gitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10867
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.61%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:06
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-windowsantivirusn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-10515
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 77.08%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 21:30
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006.

Action-Not Available
Vendor-starfacen/aMicrosoft Corporation
Product-windowsunified_communication_\&_collaboration_clientn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26809
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.56% / 99.75%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:04
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2019-19513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.98% / 83.77%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 12:52
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.

Action-Not Available
Vendor-un4seenn/aMicrosoft Corporation
Product-windowsbassmidin/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14917
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.20%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:13
Updated-30 Mar, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty could provide weaker than expected security

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowswebsphere_application_serveraixz\/osmacosilinux_kernelWebSphere Application Server - Liberty
CWE ID-CWE-1393
Use of Default Password
CVE-2015-0311
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-92.72% / 99.76%
||
7 Day CHG~0.00%
Published-23 Jan, 2015 | 21:00
Updated-21 Apr, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.Linux Kernel Organization, IncSUSE
Product-internet_explorerwindows_rtlinux_enterprise_desktopmac_os_xwindows_8.1windows_rt_8.1windowsflash_playerwindows_8edgewindows_10_1507linux_kernellinux_enterprise_workstation_extensionwindows_server_2012n/aFlash Player
CVE-2019-19167
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.52%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:47
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft Nexacro14 ActiveX File Download Vulnerability

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.

Action-Not Available
Vendor-tobesoftTobesoftMicrosoft Corporation
Product-windowsnexacroNexacro14
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-0610
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-74.66% / 98.88%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019Windows Server
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 27
  • 28
  • Next
Details not found