Latest CVE Feed
-
8.5
HIGHCVE-2025-40827
A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via ... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-60720
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
5.5
MEDIUMCVE-2025-60706
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-60705
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
8.0
HIGHCVE-2025-60715
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-60719
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
4.3
MEDIUMCVE-2025-12732
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting() function in all versions up to, and including, 7.33. This ... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-62203
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
9.8
CRITICALCVE-2025-60724
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +9 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
0.0
NACVE-2025-40174
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switch_mm_irqs_off() Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the o... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-12748
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60704
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
8.5
HIGHCVE-2025-40763
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This cou... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-12903
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-60728
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.5
HIGHCVE-2025-12633
The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and ... Read more
Affected Products : bookit- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-40142
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT snd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts via spin_lock_irq(). This also implici... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Race Condition
-
8.5
HIGHCVE-2024-32009
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain adminis... Read more
Affected Products : spectrum_power_4- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-40148
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions The function dc_stream_set_cursor_attributes() currently dereferences the `stream` pointer and nested me... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-62795
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending cra... Read more
Affected Products : jumpserver- Published: Oct. 30, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication