Latest CVE Feed
-
7.1
HIGHCVE-2025-59976
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker ... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2025-23280
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information ... Read more
- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2024-48891
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-34503
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-58737
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-59957
An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete co... Read more
Affected Products : junos- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-23282
NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, den... Read more
- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Race Condition
-
7.0
HIGHCVE-2025-55331
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-58736
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58735
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-59194
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-55678
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.0
HIGHCVE-2025-58727
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.0
HIGHCVE-2025-55690
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-62258
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless A... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-59285
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_monitor_agent- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-55684
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-34133
Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' without validating the field’s value; only the presence ... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-55688
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-53717
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025