Latest CVE Feed
-
9.0
CRITICALCVE-2025-47158
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_devops- Published: Jul. 18, 2025
- Modified: Aug. 14, 2025
-
7.2
HIGHCVE-2024-41746
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d... Read more
- Published: Jan. 16, 2025
- Modified: Aug. 14, 2025
-
5.7
MEDIUMCVE-2025-50156
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.8
HIGHCVE-2025-50155
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.5
HIGHCVE-2025-50154
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.8
HIGHCVE-2025-50153
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +4 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
8.8
HIGHCVE-2025-24999
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.3
HIGHCVE-2025-50161
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
8.0
HIGHCVE-2025-50160
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.3
HIGHCVE-2025-50159
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.0
HIGHCVE-2025-50158
Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
5.7
MEDIUMCVE-2025-50157
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.8
HIGHCVE-2025-53789
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
9.8
CRITICALCVE-2025-53766
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +10 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.5
HIGHCVE-2024-45662
IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.... Read more
Affected Products : safer_payments- Published: Jan. 18, 2025
- Modified: Aug. 14, 2025
-
7.8
HIGHCVE-2025-53729
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_file_sync- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
9.1
CRITICALCVE-2025-50171
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.5
HIGHCVE-2024-22348
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited t... Read more
- Published: Jan. 20, 2025
- Modified: Aug. 14, 2025
-
8.2
HIGHCVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This ca... Read more
- Published: Jun. 16, 2025
- Modified: Aug. 14, 2025
-
9.8
CRITICALCVE-2025-50165
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025