Latest CVE Feed
-
8.8
HIGHCVE-2025-5571
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch... Read more
- Published: Jun. 04, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-49676
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49683
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-49681
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2025-49680
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-49679
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-49678
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-49677
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_11_22h2- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2025-5703
The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more
Affected Products : stageshow- Published: Jun. 06, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-5568
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more
Affected Products : event_manager_and_tickets_selling_for_woocommerce- Published: Jun. 07, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-49701
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-7612
A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remote... Read more
Affected Products : mobile_shop- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-49700
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office word 365_apps office_long_term_servicing_channel word_2016 office_2024 office_2021 office_2019- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-49699
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office word 365_apps outlook powerpoint office_long_term_servicing_channel outlook_2016 office_macos_2024 office_macos_2021 word_2016 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49698
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.2
HIGHCVE-2023-45588
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /... Read more
Affected Products : forticlient- Published: Mar. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2025-49697
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2025-51650
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.... Read more
- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-51652
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-51653
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection