Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.
Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the vi…
Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting (XSS). The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation…
Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network.
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a ro…
Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.