Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47643
CRITICAL CVSS 9.8
Find Similar
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2026-21510
HIGH CVSS 8.8 KEV
Find Similar
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.
CVE-2025-54945
CRITICAL CVSS 10.0
Find Similar
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by
CVE-2025-32706
HIGH CVSS 7.8 KEV
Find Similar
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-32202
MEDIUM CVSS 4.3 KEV
Find Similar
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.