Latest CVE Feed
-
9.8
CRITICAL CVE-2025-8960
A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to SQL injection. The attack may ...
Affected Products: online_flight_booking_management_system
- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
10.0
CRITICAL
- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2025-53771
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- Published: Jul. 20, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
9.9
CRITICAL CVE-2025-53762
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.
- Published: Jul. 18, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
9.9
CRITICAL CVE-2025-49747
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Affected Products: azure_machine_learning
- Published: Jul. 18, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
9.9
CRITICAL CVE-2025-49746
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Affected Products: azure_machine_learning
- Published: Jul. 18, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
8.8
HIGH CVE-2025-47995
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Affected Products: azure_machine_learning
- Published: Jul. 18, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
9.0
CRITICAL CVE-2025-47158
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
Affected Products: azure_devops
- Published: Jul. 18, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
7.2
HIGH CVE-2024-41746
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d...
- Published: Jan. 16, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Cross-Site Scripting
-
5.7
MEDIUM CVE-2025-50156
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGH CVE-2025-50155
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGH CVE-2025-50154
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGH CVE-2025-50153
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +4 more products
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGH CVE-2025-24999
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
7.3
HIGH CVE-2025-50161
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
8.0
HIGH CVE-2025-50160
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
7.3
HIGH CVE-2025-50159
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGH CVE-2025-50158
Time-of-check time-of-use (TOCTOU) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Race Condition
-
5.7
MEDIUM CVE-2025-50157
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGH CVE-2025-53789
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication