Latest CVE Feed
-
5.7
MEDIUMCVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 linux_kernel .net_framework windows_server_2019 macos windows_10_1607 windows_10_1809 windows_10_21h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
5.7
MEDIUMCVE-2025-24847
Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low complexity attack ... Read more
Affected Products : computing_improvement_program- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
5.6
MEDIUMCVE-2025-12418
Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configura... Read more
Affected Products : installshield- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
5.6
MEDIUMCVE-2025-53860
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Suppor... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
5.6
MEDIUMCVE-2025-8871
The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() function. This makes it possible for unauthenticated attackers... Read more
Affected Products : everest_forms- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
5.6
MEDIUMCVE-2025-54271
Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check an... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Race Condition
-
5.6
MEDIUMCVE-2024-32014
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative app... Read more
Affected Products : spectrum_power_4- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-62209
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_23h2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
5.5
MEDIUMCVE-2025-55683
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
5.5
MEDIUMCVE-2025-59184
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Nov. 07, 2025
-
5.5
MEDIUMCVE-2025-43348
A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may bypass Gatekeeper checks.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-11852
A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be ... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-12632
The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-46602
Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... Read more
Affected Products : supportassist_os_recovery- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-55336
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
5.5
MEDIUMCVE-2025-47979
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-43397
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause a denial-of-service.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-59260
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-59188
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Nov. 05, 2025
-
5.5
MEDIUMCVE-2025-59186
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Nov. 05, 2025