Latest CVE Feed
-
7.5
HIGHCVE-2025-36047
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.... Read more
- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-8943
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furth... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authentication
-
3.6
LOWCVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction.... Read more
Affected Products : 7-zip- Published: Aug. 08, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-22941
A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands.... Read more
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-22940
Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password.... Read more
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-22939
A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands.... Read more
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-22938
Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords.... Read more
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-22937
An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors.... Read more
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2023-33202
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and P... Read more
- EPSS Score: %0.06
- Published: Nov. 23, 2023
- Modified: Aug. 18, 2025
-
7.8
HIGHCVE-2025-53154
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
5.7
MEDIUMCVE-2025-53153
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-53152
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +4 more products- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-53151
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-53149
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
5.7
MEDIUMCVE-2025-53148
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
7.0
HIGHCVE-2025-53147
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-53142
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-53141
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-53140
Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2024-43790
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is... Read more
- Published: Aug. 22, 2024
- Modified: Aug. 18, 2025