#high-epss
21 articles
CVE-2010-0249: 2010 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted p...
CVE-2024-21182: 2024 Vulnerability Now Actively Exploited (Oracle)
Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vul...
CVE-2008-4250: 2008 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow duri...
CVE-2009-1537: 2009 Vulnerability Now Actively Exploited (Microsoft)
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a craft...
CVE-2009-3459: 2009 Vulnerability Now Actively Exploited (Adobe)
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption....
CVE-2010-0806: 2010 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion o...
CVE-2024-1708: 2024 Vulnerability Now Actively Exploited (ConnectWise)
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems....
CVE-2024-7399: 2024 Vulnerability Now Actively Exploited (Samsung)
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority....
CVE-2024-27199: 2024 Vulnerability Now Actively Exploited (JetBrains)
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed....
CVE-2009-0238: 2009 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that in...
CVE-2020-9715: 2020 Vulnerability Now Actively Exploited (Adobe)
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution...
CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution....
CVE-2026-1731: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute opera...
CVE-2025-32432: High-Risk Craft CMS Vulnerability (EPSS: 79%)
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code....
CVE-2025-68613: High-Risk n8n Vulnerability (EPSS: 79%)
n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution....
CVE-2025-49113: High-Risk Webmail Vulnerability (EPSS: 90%)
RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/a...
CVE-2021-22054: 2021 Vulnerability Now Actively Exploited (Omnissa)
Omnissa Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send t...
CVE-2017-7921: 2017 Vulnerability Now Actively Exploited (Hikvision)
Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information....
CVE-2008-0015: 2008 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the ...
CVE-2020-7796: 2020 Vulnerability Now Actively Exploited (Synacor)
Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if the WebEx zimlet is installed and zimlet JSP is enabled....
CVE-2024-43468: 2024 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment wh...