CVE & CISA-KEV Catalog

362,600 CVEs · 1,630 actively exploited (KEV)
Active:
  • CVSS 9.1 v3·EPSS 0.5%·Fix available

    There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message. This affects NI grpc-device 2.17.0 and prior versions.

    Published 2026-06-19

  • CVSS 7.8 v3·EPSS 0.4%·Fix available

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

    Published 2026-06-09

  • CVSS 7.8 v3·EPSS 0.4%·No fix yet

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

    Published 2026-06-09

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

    Published 2026-06-09

  • CVSS 5.5 v3·EPSS 0.4%·Fix available

    Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

    Published 2026-06-09

  • CVSS 7.3 v3·EPSS 0.3%·Fix available

    IBM HTTP Server 8.5 and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.

    Published 2026-05-26

  • CVSS 8.4 v3·EPSS 0.5%·Fix available

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

    Published 2026-05-20

  • CVSS 7.2 v4·EPSS 0.1%·No fix yet

    An untrusted pointer dereference in the ionic cloud driver for VMware ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability.

    Published 2026-05-13

  • CVSS 8.5 v4·EPSS 0.1%·No fix yet

    Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

    Published 2026-05-12

  • CVSS 7.8 v3·EPSS 4.7%·Fix available

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

    Published 2026-05-12

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

    Published 2026-05-04

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

    Published 2026-05-04

  • CVSS 8.8 v3·EPSS 0.7%·Fix available

    Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

    Published 2026-04-14

  • CVSS 8.4 v3·EPSS 0.3%·No fix yet

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

    Published 2026-04-14

  • CVSS 7.8 v3·EPSS 0.3%·Fix available

    Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

    Published 2026-04-14

  • CVSS 7.8 v3·EPSS 0.3%·Fix available

    Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

    Published 2026-04-14

  • CVSS 7.8 v3·EPSS 0.2%·Fix available

    Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

    Published 2026-04-14

  • CVSS 7.8 v3·EPSS 0.3%·Fix available

    Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

    Published 2026-04-14

  • CVSS 7.8 v3·EPSS 0.3%·Fix available

    Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

    Published 2026-04-14

  • CVSS 5.7 v3·EPSS 0.3%·Fix available

    Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

    Published 2026-04-14

  • CVSS 8.4 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

    Published 2026-03-10

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    Published 2026-03-10

  • CVSS -·EPSS 0.1%·No fix yet

    Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.

    Published 2026-02-10

  • CVSS 7.8 v3·EPSS 1.0%·Fix available

    Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

    Published 2026-02-10

  • CVSS 7.8 v3·EPSS 0.4%·Fix available

    Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

    Published 2026-02-10

  • CVSS 5.5 v3·EPSS 0.1%·Fix available

    An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart. 'show route ... extensive' is not affected. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 version

    Published 2026-01-15

  • CVSS 7.8 v3·EPSS 0.4%·No fix yet

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    Published 2026-01-13

  • CVSS 7.8 v3·EPSS 0.6%·Fix available

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    Published 2026-01-13

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

    Published 2026-01-13

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

    Published 2026-01-13

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

    Published 2026-01-13

  • CVSS 6.2 v3·EPSS 0.4%·Fix available

    Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

    Published 2026-01-13

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

    Published 2026-01-13

  • CVSS 5.5 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.

    Published 2026-01-13

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

    Published 2026-01-13

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    Memory corruption while preprocessing IOCTLs in sensors.

    Published 2026-01-07

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    Memory corruption while processing a video session to set video parameters.

    Published 2026-01-07

  • CVSS 6.2 v3·EPSS 0.1%·No fix yet

    An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.

    Published 2026-01-05

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    Memory corruption when processing IOCTLs for JPEG data without verification.

    Published 2025-12-18

  • CVSS 6.5 v3·EPSS 0.1%·No fix yet

    Information disclosure while processing system calls with invalid parameters.

    Published 2025-12-18

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    Published 2025-12-09

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    Published 2025-12-09

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    Published 2025-12-09

  • CVSS 8.8 v3·EPSS 1.2%·Fix available

    Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

    Published 2025-12-09

  • CVSS 6.5 v3·EPSS 0.1%·Fix available

    Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

    Published 2025-11-11

  • CVSS 6.5 v3·EPSS 0.1%·Fix available

    Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0 within Ring 3: User Applications may allow an information disclosure. System software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

    Published 2025-11-11

  • CVSS 7.8 v3·EPSS 0.5%·Fix available

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    Published 2025-11-11

  • CVSS 4.3 v3·EPSS 0.7%·No fix yet

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

    Published 2025-11-11

  • CVSS 7.0 v3·EPSS 1.7%·Fix available

    Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

    Published 2025-11-11

  • CVSS 7.8 v3·EPSS 0.4%·Fix available

    Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

    Published 2025-11-11

Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.