Latest CVE Feed
-
6.5
MEDIUM CVE-2024-49824
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as...
- Published: Jan. 18, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
9.1
CRITICAL CVE-2024-47113
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.7.1, and 1.0.8 could allow a remote attacker to send specially crafted XML statements, which would allow the attacker to view or modify information in the XML document....
Affected Products: voice_gateway
- Published: Jan. 18, 2025
- Modified: Aug. 18, 2025
- Vuln Type: XML External Entity
-
7.5
HIGH CVE-2025-36047
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources....
- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICAL CVE-2025-8943
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furth...
- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authentication
-
3.6
LOW CVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction....
Affected Products: 7-zip
- Published: Aug. 08, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICAL CVE-2025-22941
A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands....
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Injection
-
9.1
CRITICAL CVE-2025-22940
Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password....
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
9.8
CRITICAL CVE-2025-22939
A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands....
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-22938
Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords....
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICAL CVE-2025-22937
An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors....
- Published: Mar. 31, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
5.5
MEDIUM CVE-2023-33202
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and P...
- EPSS Score: 0.06%
- Published: Nov. 23, 2023
- Modified: Aug. 18, 2025
-
7.8
HIGH CVE-2025-53154
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally....
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
5.7
MEDIUM CVE-2025-53153
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network....
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGH CVE-2025-53152
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally....
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +4 more products
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-53151
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....
Affected Products: windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-53149
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally....
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
5.7
MEDIUM CVE-2025-53148
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network....
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
7.0
HIGH CVE-2025-53147
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally....
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGH CVE-2025-53142
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally....
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-53141
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally....
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Aug. 12, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authentication