Latest CVE Feed
-
7.1
HIGHCVE-2025-62795
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending cra... Read more
Affected Products : jumpserver- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-62213
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-62219
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-60719
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2024-48891
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59282
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-62258
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless A... Read more
- Published: Oct. 27, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59285
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_monitor_agent- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-60716
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-55684
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-55685
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-55689
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-34133
Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' without validating the field’s value; only the presence ... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-62218
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59205
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.0
HIGHCVE-2025-59202
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.0
HIGHCVE-2025-34500
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the u... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cryptography