Latest CVE Feed
-
8.2 HIGH
CVE-2025-7029
A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated ...
Affected Products :
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.2 HIGH
CVE-2025-7027
A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAd...
Affected Products :
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
6.9 MEDIUM
CVE-2025-52951
A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue...
Affected Products : junos
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization
-
9.8 CRITICAL
CVE-2024-8196
In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions suc...
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
6.5 MEDIUM
CVE-2024-7771
A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the...
Affected Products : anythingllm
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
7.5 HIGH
CVE-2024-6842
In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `currentSettings` function includes sensitive information such as API keys for searc...
Affected Products : anythingllm
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization
-
9.1 CRITICAL
CVE-2024-5211
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingl...
Affected Products : anythingllm
- Published: Jun. 12, 2024
- Modified: Jul. 15, 2025
-
7.5 HIGH
CVE-2024-8984
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes ea...
Affected Products : litellm
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
8.8 HIGH
CVE-2024-6825
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark,...
Affected Products : litellm
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
7.3 HIGH
CVE-2025-49682
Use after free in Windows Media allows an authorized attacker to elevate privileges locally....
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.8 HIGH
CVE-2025-48824
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network....
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.5 MEDIUM
CVE-2025-49658
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally....
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure
-
7.8 HIGH
CVE-2025-49659
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally....
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.8 HIGH
CVE-2025-49661
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally....
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.8 HIGH
CVE-2025-49660
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally....
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.8 HIGH
CVE-2025-49657
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network....
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
10.0 CRITICAL
CVE-2025-47812
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP serv...
Affected Products : wing_ftp_server
- Actively Exploited
- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
7.5 HIGH
CVE-2025-48814
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network....
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +7 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
7.8 HIGH
CVE-2025-48815
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally....
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
-
7.8 HIGH
CVE-2025-48816
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally....
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption