Latest CVE Feed
-
9.3
CRITICALCVE-2025-25034
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest... Read more
Affected Products : sugarcrm- Published: Jun. 20, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2024-42649
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.... Read more
Affected Products : nanomq- Published: Jul. 14, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-20929
Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.... Read more
Affected Products : notes- Published: Mar. 06, 2025
- Modified: Jul. 16, 2025
-
5.5
MEDIUMCVE-2025-20930
Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.... Read more
Affected Products : notes- Published: Mar. 06, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-20931
Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.... Read more
Affected Products : notes- Published: Mar. 06, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-20932
Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory.... Read more
Affected Products : notes- Published: Mar. 06, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-20933
Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.... Read more
Affected Products : notes- Published: Mar. 06, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2025-27867
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to u... Read more
- Published: Mar. 12, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-49705
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49703
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 sharepoint_server_2019 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49702
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-49723
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2024-10296
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical... Read more
- Published: Oct. 23, 2024
- Modified: Jul. 16, 2025
-
5.7
MEDIUMCVE-2025-49722
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-49721
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-49716
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-49714
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-49729
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2024-56474
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more
- Published: Apr. 02, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-49727
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption