Latest CVE Feed
-
7.8
HIGHCVE-2025-49692
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_connected_machine_agent- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54900
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54898
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54904
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-7988
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to expl... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-58322
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.... Read more
- Published: Aug. 28, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-8003
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit th... Read more
Affected Products : cobalt- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54913
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54899
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-7992
Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit th... Read more
Affected Products : cobalt- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-55317
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : autoupdate- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-50255
Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.8
HIGHCVE-2025-54092
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-22437
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int... Read more
Affected Products : android- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-10198
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-54916
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2022-38694
In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-8893
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the cont... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +1 more products- Published: Sep. 16, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-48544
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-48552
In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interac... Read more
Affected Products : android- Published: Sep. 04, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration