Latest CVE Feed
-
6.8
MEDIUMCVE-2025-40766
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-... Read more
Affected Products : sinec_traffic_analyzer- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-53728
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : dynamics_365- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-53723
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-49755
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2025-49751
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Denial of Service
-
5.4
MEDIUMCVE-2025-49745
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : dynamics_365- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.7
MEDIUMCVE-2025-49743
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Race Condition
-
4.3
MEDIUMCVE-2025-49736
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-49712
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a ... Read more
Affected Products : aiohttp- Published: Nov. 18, 2024
- Modified: Aug. 15, 2025
-
9.8
CRITICALCVE-2024-41779
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remo... Read more
- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
5.9
MEDIUMCVE-2024-41781
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An... Read more
- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2024-6233
Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first ob... Read more
Affected Products : zonealarm_extreme_security- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2024-6260
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute ... Read more
Affected Products : antimalware- Published: Nov. 22, 2024
- Modified: Aug. 15, 2025
-
7.8
HIGHCVE-2025-53759
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-53741
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-53740
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-53739
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-8803
A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function gmm_state_de_registered/gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to launch the attack... Read more
Affected Products : open5gs- Published: Aug. 10, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface.... Read more
Affected Products :- Published: Aug. 14, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Cross-Site Scripting