CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
2,235
Total CVEs
1,590
CISA KEV
41
Known Exploits
8.8
Avg CVSS Score
Showing 20 of 2,235 CVEs
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.
Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.
Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.
SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.