CVE-2019-11707 - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox E... read CVE-2019-11707
Published: July 23, 2019; 10:15:15 AM -0400

V3.1: 8.8 HIGH
V2.0: 7.5 HIGH

CVE-2019-1132 - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Published: July 15, 2019; 3:15:21 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

CVE-2019-1130 - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
Published: July 15, 2019; 3:15:21 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

CVE-2019-1129 - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
Published: July 15, 2019; 3:15:20 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

CVE-2019-0880 - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
Published: July 15, 2019; 3:15:15 PM -0400

V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

CVE-2019-1064 - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.
Published: June 12, 2019; 10:29:04 AM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

CVE-2019-0903 - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Published: May 16, 2019; 3:29:02 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.3 HIGH

CVE-2019-0863 - An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
Published: May 16, 2019; 3:29:00 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

CVE-2015-2419 - JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
Published: July 14, 2015; 5:59:33 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.3 HIGH

CVE-2012-0507 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availabili... read CVE-2012-0507
Published: June 07, 2012; 6:55:17 PM -0400

V2.0: 10.0 HIGH

CVE-2025-24813 - Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: fro... read CVE-2025-24813
Published: March 10, 2025; 1:15:35 PM -0400

V3.1: 9.8 CRITICAL

CVE-2025-21333 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Published: January 14, 2025; 1:15:58 PM -0500

V3.1: 7.8 HIGH

CVE-2024-20439 - A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credent... read CVE-2024-20439
Published: September 04, 2024; 1:15:13 PM -0400

V3.1: 9.8 CRITICAL

CVE-2023-20198 - Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that... read CVE-2023-20198
Published: October 16, 2023; 12:15:10 PM -0400

V3.1: 10.0 CRITICAL

CVE-2022-41082 - Microsoft Exchange Server Remote Code Execution Vulnerability
Published: October 02, 2022; 9:15:08 PM -0400

V3.1: 8.0 HIGH

CVE-2021-44228 - Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An a... read CVE-2021-44228
Published: December 10, 2021; 5:15:09 AM -0500

V3.1: 10.0 CRITICAL
V2.0: 9.3 HIGH

CVE-2021-30900 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.
Published: August 24, 2021; 3:15:18 PM -0400

V3.1: 7.8 HIGH
V2.0: 9.3 HIGH

CVE-2021-31979 - Windows Kernel Elevation of Privilege Vulnerability
Published: July 14, 2021; 2:15:09 PM -0400

V2.0: 7.2 HIGH

CVE-2019-1253 - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privi... read CVE-2019-1253
Published: September 11, 2019; 6:15:16 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

CVE-2019-1215 - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
Published: September 11, 2019; 6:15:14 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH