Latest CVE Feed
-
7.8
HIGHCVE-2025-14930
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... Read more
Affected Products : transformers- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-10884
AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the... Read more
Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products- Published: Dec. 16, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-36931
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-10889
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products- Published: Dec. 16, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-36936
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-36935
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-48606
In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-36932
In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-14498
TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-14494
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-9457
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products- Published: Dec. 16, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-14926
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to e... Read more
Affected Products : transformers- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-64680
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +5 more products- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
-
7.8
HIGHCVE-2025-41700
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.... Read more
Affected Products : development_system- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-36919
In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-62455
Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2012_r2 windows_server_2008_r2 +1 more products- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
-
7.8
HIGHCVE-2025-43510
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. ... Read more
- Published: Dec. 12, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-14927
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to... Read more
Affected Products : transformers- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-14490
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-47350
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qca0000_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 +26 more products- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption