Latest CVE Feed
-
7.0
HIGHCVE-2025-58735
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58734
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58733
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58732
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58731
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58730
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58738
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-58737
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.1
HIGHCVE-2025-61543
A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent via email. An attacker can manipulate the Host header to send m... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-21066
Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.... Read more
Affected Products : notes- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-21067
Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.... Read more
Affected Products : notes- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-21068
Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.... Read more
Affected Products : notes- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-21069
Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.... Read more
Affected Products : notes- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-21070
Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.... Read more
Affected Products : notes- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-11656
A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unre... Read more
Affected Products : school_management_system- Published: Oct. 13, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-11657
A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads t... Read more
Affected Products : school_management_system- Published: Oct. 13, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-11658
A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestric... Read more
Affected Products : school_management_system- Published: Oct. 13, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-11659
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File ca... Read more
Affected Products : school_management_system- Published: Oct. 13, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
4.6
MEDIUMCVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret tok... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2025-61787
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` i... Read more
- Published: Oct. 08, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection