Latest CVE Feed
-
6.6
MEDIUMCVE-2025-5915
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read b... Read more
- Published: Jun. 09, 2025
- Modified: Aug. 15, 2025
-
9.8
CRITICALCVE-2025-55151
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerab... Read more
Affected Products : stirling_pdf- Published: Aug. 11, 2025
- Modified: Aug. 15, 2025
-
9.8
CRITICALCVE-2025-55161
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and... Read more
Affected Products : stirling_pdf- Published: Aug. 11, 2025
- Modified: Aug. 15, 2025
-
4.9
MEDIUMCVE-2025-8081
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated ... Read more
Affected Products : website_builder- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
6.8
MEDIUMCVE-2025-40766
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-... Read more
Affected Products : sinec_traffic_analyzer- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
6.5
MEDIUMCVE-2025-53728
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : dynamics_365- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2025-53723
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
4.3
MEDIUMCVE-2025-49755
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
6.8
MEDIUMCVE-2025-49751
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
5.4
MEDIUMCVE-2025-49745
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : dynamics_365- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
6.7
MEDIUMCVE-2025-49743
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
4.3
MEDIUMCVE-2025-49736
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
8.8
HIGHCVE-2025-49712
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
7.5
HIGHCVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a ... Read more
Affected Products : aiohttp- Published: Nov. 18, 2024
- Modified: Aug. 15, 2025
-
9.8
CRITICALCVE-2024-41779
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remo... Read more
- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
5.9
MEDIUMCVE-2024-41781
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An... Read more
- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2024-6233
Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first ob... Read more
Affected Products : zonealarm_extreme_security- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2024-6260
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute ... Read more
Affected Products : antimalware- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2025-53759
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2025-53741
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025