Latest CVE Feed
-
4.6
MEDIUMCVE-2025-36730
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-55333
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
6.1
MEDIUMCVE-2025-55330
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
Affected Products : windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_2h2- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
6.1
MEDIUMCVE-2025-55337
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.0
HIGHCVE-2025-59193
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.0
HIGHCVE-2025-59194
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_2h2- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.0
HIGHCVE-2025-59285
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_monitor_agent- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.4
HIGHCVE-2025-55693
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
5.5
MEDIUMCVE-2025-55683
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_23h2 windows_server_2025- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
6.5
MEDIUMCVE-2025-60537
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-60536
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
7.3
HIGHCVE-2025-57618
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key u... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-57563
A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2025-23356
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-54603
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2025-37143
An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files ... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-55326
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
8.4
HIGHCVE-2025-59236
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 office_2024 office_2021 office_2019- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.0
HIGHCVE-2025-58725
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
5.3
MEDIUMCVE-2025-59288
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.... Read more
Affected Products : playwright- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025