Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-53770
CRITICAL CVSS 9.8 KEV
Find Similar
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exist
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59287
CRITICAL CVSS 9.8 KEV
Find Similar
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-47732
CRITICAL CVSS 9.8
Find Similar
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
CVE-2025-49706
MEDIUM CVSS 6.5 KEV
Find Similar
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49704
HIGH CVSS 8.8 KEV
Find Similar
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-expose