Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | 10.0 | 2.24% | 2025-09-04 | 2026-06-17 |
| CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability | 10.0 | 1.08% | 2025-08-07 | 2026-06-17 |
| CVE-2025-49752 | Azure Bastion Elevation of Privilege Vulnerability | 10.0 | 0.88% | 2025-11-20 | 2026-06-17 |
| CVE-2025-29813 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 1.48% | 2025-05-08 | 2026-06-17 |
| CVE-2022-37968 | Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. | 10.0 | 2.59% | 2022-10-11 | 2026-06-17 |
| CVE-2021-42313 | Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 | 3.82% | 2021-12-15 | 2026-06-17 |
| CVE-2021-42311 | Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 | 4.03% | 2021-12-15 | 2026-06-17 |
| CVE-2020-1467 | An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how W | 10.0 | 3.55% | 2020-08-17 | 2026-06-16 |
| CVE-2020-1350 KEV | A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10.0 | 92.18% | 2020-07-14 | 2026-06-16 |
| CVE-2020-0796 KEV | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | 10.0 | 99.81% | 2020-03-12 | 2026-06-16 |
| CVE-2019-1372 | An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Exe | 10.0 | 17.83% | 2019-10-10 | 2026-06-16 |
| CVE-2015-2373 | The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability." | 10.0 | 38.97% | 2015-07-14 | 2026-06-16 |
| CVE-2015-0014 | Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability." | 10.0 | 96.89% | 2015-01-13 | 2026-06-16 |
| CVE-2014-6321 | Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." | 10.0 | 95.99% | 2014-11-11 | 2026-06-16 |
| CVE-2014-4121 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability." | 10.0 | 19.23% | 2014-10-15 | 2026-06-16 |
| CVE-2014-4073 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability." | 10.0 | 23.43% | 2014-10-15 | 2026-06-16 |
| CVE-2014-1806 | The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." | 10.0 | 39.59% | 2014-05-14 | 2026-06-16 |
| CVE-2014-1764 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | 10.0 | 37.37% | 2014-04-27 | 2026-06-16 |
| CVE-2014-1763 | Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | 10.0 | 22.56% | 2014-04-27 | 2026-06-16 |
| CVE-2014-0294 | Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability." | 10.0 | 20.89% | 2014-02-11 | 2026-06-16 |