CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 2140 of 13350 results
«« First « Prev Page 2 / 668 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability 10.0 2.24% 2025-09-04 2026-06-17
CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability 10.0 1.08% 2025-08-07 2026-06-17
CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability 10.0 0.88% 2025-11-20 2026-06-17
CVE-2025-29813 Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. 10.0 1.48% 2025-05-08 2026-06-17
CVE-2022-37968 Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. 10.0 2.59% 2022-10-11 2026-06-17
CVE-2021-42313 Microsoft Defender for IoT Remote Code Execution Vulnerability 10.0 3.82% 2021-12-15 2026-06-17
CVE-2021-42311 Microsoft Defender for IoT Remote Code Execution Vulnerability 10.0 4.03% 2021-12-15 2026-06-17
CVE-2020-1467 An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how W 10.0 3.55% 2020-08-17 2026-06-16
CVE-2020-1350 KEV A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. 10.0 92.18% 2020-07-14 2026-06-16
CVE-2020-0796 KEV A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. 10.0 99.81% 2020-03-12 2026-06-16
CVE-2019-1372 An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Exe 10.0 17.83% 2019-10-10 2026-06-16
CVE-2015-2373 The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability." 10.0 38.97% 2015-07-14 2026-06-16
CVE-2015-0014 Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability." 10.0 96.89% 2015-01-13 2026-06-16
CVE-2014-6321 Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." 10.0 95.99% 2014-11-11 2026-06-16
CVE-2014-4121 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability." 10.0 19.23% 2014-10-15 2026-06-16
CVE-2014-4073 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability." 10.0 23.43% 2014-10-15 2026-06-16
CVE-2014-1806 The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." 10.0 39.59% 2014-05-14 2026-06-16
CVE-2014-1764 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. 10.0 37.37% 2014-04-27 2026-06-16
CVE-2014-1763 Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. 10.0 22.56% 2014-04-27 2026-06-16
CVE-2014-0294 Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability." 10.0 20.89% 2014-02-11 2026-06-16
«« First « Prev Page 2 / 668 Next »
cvelogic Threat Intelligence