Latest CVE Feed
-
7.0
HIGHCVE-2025-58730
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58727
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Nov. 06, 2025
-
7.0
HIGHCVE-2025-59289
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 22, 2025
-
7.0
HIGHCVE-2025-59261
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.0
HIGHCVE-2025-59221
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 sharepoint_server_2019 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-55331
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-58737
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-34503
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-62219
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-59193
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
6.9
MEDIUMCVE-2025-62613
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS) vulnerability exists on examples/control.html through the room parameter, which is i... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-55084
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-62236
The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-62375
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succe... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-61959
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuratio... Read more
- Published: Oct. 29, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-62664
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ImageRating Extension allows Stored XSS.This issue affects Mediawiki - ImageRating Extension: from master bef... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-60015
An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-62661
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension,... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55093
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.... Read more
- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption