Patchapalooza Exploits

312 exploits tracked across all sources.

Sort: Newest Stars
CVE-2021-1732 PATCHAPALOOZA HIGH
Microsoft Windows 10 1803 - Out-of-Bounds Write
Windows Win32k Elevation of Privilege Vulnerability
by paipo
CVSS 7.8
CVE-2018-8174 PATCHAPALOOZA HIGH
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by shaoyine
CVSS 7.5
CVE-2026-21509 PATCHAPALOOZA HIGH
Microsoft Office - Info Disclosure
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
by Ashwesker
CVSS 7.8
CVE-2025-53772 PATCHAPALOOZA HIGH
Web Deploy - Code Injection
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.
by sailay1996
CVSS 8.8
CVE-2025-24071 PATCHAPALOOZA MEDIUM
Microsoft Windows 10 1507 < 10.0.10240.20947 - Information Disclosure
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
by WhiteDominion
CVSS 6.5
CVE-2025-24054 PATCHAPALOOZA MEDIUM
Windows NTLM - Path Traversal
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
by WhiteDominion
CVSS 6.5
CVE-2025-33073 PATCHAPALOOZA HIGH
Windows SMB - Privilege Escalation
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
by Iddygodwin
CVSS 8.8
CVE-2025-33073 PATCHAPALOOZA HIGH
Windows SMB - Privilege Escalation
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
by B1ack4sh
CVSS 8.8
CVE-2025-59287 PATCHAPALOOZA CRITICAL
Microsoft Windows Server 2012 - Insecure Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
by crondenice
CVSS 9.8
CVE-2025-29824 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 < 10.0.10240.20978 - Use After Free
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
by zmkeh
CVSS 7.8
CVE-2025-21333 PATCHAPALOOZA HIGH
Microsoft Windows 10 21h2 < 10.0.19044.5371 - Heap Buffer Overflow
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
by pradip022
CVSS 7.8
CVE-2025-53770 PATCHAPALOOZA CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by Kamal-Hegazi
CVSS 9.8
CVE-2023-23397 PATCHAPALOOZA CRITICAL
Microsoft Outlook - Privilege Escalation
Microsoft Outlook Elevation of Privilege Vulnerability
by asocsam
CVSS 9.8
CVE-2025-53770 PATCHAPALOOZA CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by bijikutu
CVSS 9.8
CVE-2025-53770 PATCHAPALOOZA CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by GreenForceNetwork
CVSS 9.8
CVE-2025-53770 PATCHAPALOOZA CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by b33b0y
CVSS 9.8
CVE-2024-35250 PATCHAPALOOZA HIGH
Windows Kernel-Mode Driver - Privilege Escalation
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
by zsxen
CVSS 7.8
CVE-2025-33073 PATCHAPALOOZA HIGH
Windows SMB - Privilege Escalation
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
by joaozixx
CVSS 8.8
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by maqeel-git
CVSS 10.0
CVE-2025-21333 PATCHAPALOOZA HIGH
Microsoft Windows 10 21h2 < 10.0.19044.5371 - Heap Buffer Overflow
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
by B1ack4sh
CVSS 7.8
CVE-2025-24071 PATCHAPALOOZA MEDIUM
Microsoft Windows 10 1507 < 10.0.10240.20947 - Information Disclosure
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
by B1ack4sh
CVSS 6.5
CVE-2019-0708 PATCHAPALOOZA CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by jinshengsoul
CVSS 9.8
CVE-2025-24054 PATCHAPALOOZA MEDIUM
Windows NTLM - Path Traversal
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
by ClementNjeru
CVSS 6.5
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by madanokr001
CVSS 10.0
CVE-2025-24071 PATCHAPALOOZA MEDIUM
Microsoft Windows 10 1507 < 10.0.10240.20947 - Information Disclosure
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
by xigney
CVSS 6.5
By Source
All 312 Exploitdb 50,196 Writeup 43,060 Nomisec 19,721 Metasploit 3,028 Github 2,086 Vulncheck_xdb 887 Inthewild 518 Gitlab 431 Gitee 415 Patchapalooza 312
By Language
text 31,307 ruby 5,759 python 5,758 c 3,536 perl 2,854 html 2,051 php 1,332 bash 459 java 359 javascript 255 c++ 242 shell 54 go 38 postscript 25 xml 24