Latest CVE Feed
-
7.8
HIGHCVE-2025-50155
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-50154
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-50153
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +4 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-24999
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-50161
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
8.0
HIGHCVE-2025-50160
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-50159
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-50158
Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Race Condition
-
5.7
MEDIUMCVE-2025-50157
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-53789
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-53766
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +10 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-45662
IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.... Read more
Affected Products : safer_payments- Published: Jan. 18, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-53729
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_file_sync- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-50171
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2024-22348
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited t... Read more
- Published: Jan. 20, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Misconfiguration
-
8.2
HIGHCVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This ca... Read more
- Published: Jun. 16, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-50165
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
6.0
MEDIUMCVE-2024-45672
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service.... Read more
Affected Products : security_verify_bridge- Published: Jan. 23, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2023-44441
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in tha... Read more
Affected Products : gimp- Published: May. 03, 2024
- Modified: Aug. 14, 2025
-
9.0
HIGHCVE-2025-8810
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The att... Read more
- Published: Aug. 10, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption