Latest CVE Feed
-
7.8
HIGHCVE-2025-59275
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.8
HIGHCVE-2025-59243
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.8
HIGHCVE-2025-9870
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to e... Read more
Affected Products : synapse- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Path Traversal
-
7.8
HIGHCVE-2025-10922
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in tha... Read more
- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-55677
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.8
HIGHCVE-2025-24052
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October c... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.8
HIGHCVE-2025-57227
An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
7.8
HIGHCVE-2025-9458
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : shared_components- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-11464
Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to ex... Read more
Affected Products : cobalt- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-59227
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.8
HIGHCVE-2025-59241
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-53814
A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-46423
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execu... Read more
Affected Products : unity_operating_environment- Published: Oct. 30, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-47365
Memory corruption while processing large input data from a remote source via a communication interface.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +60 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-58720
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Nov. 07, 2025
-
7.8
HIGHCVE-2025-59278
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.8
HIGHCVE-2025-59281
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : xbox_gaming_services- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-62801
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmc... Read more
Affected Products : fastmcp- Published: Oct. 28, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-43364
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-43387
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. A malicious app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization