CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-22555	High	85.2%	LinuxKernel	Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.	Oct 6, 2025	KEV
CVE-2025-61882(1)	High	88.2%	OracleE-Business Suite	Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.	Oct 6, 2025	KEV
CVE-2021-43226	High	7.3%	MicrosoftWindows	Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.	Oct 6, 2025	KEV
CVE-2013-3918	High	87.0%	MicrosoftWindows	Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Oct 6, 2025	KEV
CVE-2010-3962	High	88.3%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Oct 6, 2025	KEV
CVE-2010-3765	High	86.0%	MozillaMultiple Products	Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.	Oct 6, 2025	KEV
CVE-2011-3402	High	90.3%	MicrosoftWindows	Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.	Oct 6, 2025	KEV
CVE-2017-1000353	High 9.8	94.5%	JenkinsJenkins	Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.	Oct 2, 2025	KEVExploit
CVE-2025-21043	High	4.9%	SamsungMobile Devices	Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.	Oct 2, 2025	KEV
CVE-2015-7755	High	85.6%	JuniperScreenOS	Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.	Oct 2, 2025	KEV
CVE-2025-4008	High	39.9%	SmartbeddedMeteobridge	Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.	Oct 2, 2025	KEV
CVE-2014-6278	High	90.1%	GNUGNU Bash	GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.	Oct 2, 2025	KEV
CVE-2025-10035	High	52.0%	FortraGoAnywhere MFT	Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.	Sep 29, 2025	KEV
CVE-2025-59689	High	6.0%	LibraesvaEmail Security Gateway	Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment.	Sep 29, 2025	KEV
CVE-2025-20352	High	2.0%	CiscoIOS and IOS XE	Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.	Sep 29, 2025	KEV
CVE-2025-32463	High	26.5%	SudoSudo	Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.	Sep 29, 2025	KEV
CVE-2021-21311	High	94.2%	AdminerAdminer	Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.	Sep 29, 2025	KEV
CVE-2025-20333	High	18.8%	CiscoSecure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense	Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.	Sep 25, 2025	KEV
CVE-2025-20362	High	37.1%	CiscoSecure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense	Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333.	Sep 25, 2025	KEV
CVE-2025-10585	High	0.7%	GoogleChromium V8	Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.	Sep 23, 2025	KEV

CVE-2021-22555KEV

High

Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.

LinuxEPSS 85.2%

CVE-2025-61882KEV

High

Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.

OracleEPSS 88.2%

CVE-2021-43226KEV

High

Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.

MicrosoftEPSS 7.3%

CVE-2013-3918KEV

High

Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

MicrosoftEPSS 87.0%

CVE-2010-3962KEV

High

Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

MicrosoftEPSS 88.3%

CVE-2010-3765KEV

High

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.

MozillaEPSS 86.0%

CVE-2011-3402KEV

High

Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.

MicrosoftEPSS 90.3%

CVE-2017-1000353KEV

High

Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.

JenkinsCVSS 9.8EPSS 94.5%

Exploit

CVE-2025-21043KEV

High

Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.

SamsungEPSS 4.9%

CVE-2015-7755KEV

High

Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.

JuniperEPSS 85.6%

CVE-2025-4008KEV

High

Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.

SmartbeddedEPSS 39.9%

CVE-2014-6278KEV

High

GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.

GNUEPSS 90.1%

CVE-2025-10035KEV

High

Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

FortraEPSS 52.0%

CVE-2025-59689KEV

High

Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment.

LibraesvaEPSS 6.0%

CVE-2025-20352KEV

High

Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.

CiscoEPSS 2.0%

CVE-2025-32463KEV

High

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.

SudoEPSS 26.5%

CVE-2021-21311KEV

High

Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.

AdminerEPSS 94.2%

CVE-2025-20333KEV

High

Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.

CiscoEPSS 18.8%

CVE-2025-20362KEV

High

Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333.

CiscoEPSS 37.1%

CVE-2025-10585KEV

High

Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.

GoogleEPSS 0.7%

38 39 40 41 42 43 44