Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-53770
CRITICAL CVSS 9.8 KEV
Find Similar
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exist
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59287
CRITICAL CVSS 9.8 KEV
Find Similar
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49704
HIGH CVSS 8.8 KEV
Find Similar
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-47732
CRITICAL CVSS 9.8
Find Similar
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.
CVE-2025-49706
MEDIUM CVSS 6.5 KEV
Find Similar
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-expose
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.