CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 4160 of 13348 results
«« First « Prev Page 3 / 668 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2017-0096 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." 2.6 1.92% 2017-03-16 2026-06-16
CVE-2015-2476 The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability." 2.6 11.15% 2015-08-14 2026-06-16
CVE-2015-1648 ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability." 2.6 34.86% 2015-04-14 2026-06-16
CVE-2010-0808 Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." 2.6 9.71% 2010-10-13 2026-06-16
CVE-2009-1536 ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." 2.6 51.32% 2009-08-12 2026-06-16
CVE-2006-5578 Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. 2.6 21.15% 2006-12-12 2026-06-16
CVE-2006-4685 The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. 2.6 19.70% 2006-10-10 2026-06-16
CVE-2006-1193 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." 2.6 39.17% 2006-06-13 2026-06-16
CVE-2006-1192 Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. 2.6 31.47% 2006-04-11 2026-06-16
CVE-2005-2126 The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. 2.6 13.83% 2005-10-21 2026-06-16
CVE-2016-3272 The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows Kernel Information Disclosure Vulnerability." 2.8 43.28% 2016-07-12 2026-06-16
CVE-2016-3251 The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability." 2.8 58.07% 2016-07-12 2026-06-16
CVE-2023-32024 Microsoft Power Apps Spoofing Vulnerability 3.0 1.49% 2023-06-14 2026-06-17
CVE-2026-0102 Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. 3.1 0.46% 2026-02-17 2026-06-17
CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability 3.1 0.23% 2025-12-18 2026-06-17
CVE-2025-59280 Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. 3.1 0.41% 2025-10-14 2026-06-17
CVE-2025-49731 Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. 3.1 0.37% 2025-07-08 2026-06-17
CVE-2023-38158 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 3.1 1.20% 2023-08-21 2026-06-17
CVE-2023-23395 Microsoft SharePoint Server Spoofing Vulnerability 3.1 0.60% 2023-03-14 2026-06-17
CVE-2022-29147 Microsoft Edge (Chromium-based) Spoofing Vulnerability 3.1 0.61% 2023-06-28 2026-06-17
«« First « Prev Page 3 / 668 Next »
cvelogic Threat Intelligence