Latest CVE Feed
-
7.8
HIGHCVE-2025-48805
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-48806
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-21005
Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.... Read more
Affected Products : android- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization
-
6.8
MEDIUMCVE-2025-47999
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-48000
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.7
MEDIUMCVE-2025-48002
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2025-48003
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
6.8
MEDIUMCVE-2025-48001
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-21006
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.... Read more
Affected Products : android- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to u... Read more
Affected Products : commons_fileupload- Published: Jun. 16, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2024-2952
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the ... Read more
Affected Products : litellm- Published: Apr. 10, 2024
- Modified: Jul. 15, 2025
-
5.5
MEDIUMCVE-2025-21007
Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.... Read more
Affected Products : android- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-53015
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.... Read more
Affected Products : imagemagick- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
5.5
MEDIUMCVE-2025-43580
Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-47994
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
9.9
CRITICALCVE-2025-23121
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user... Read more
Affected Products : veeam_backup_\&_replication- Published: Jun. 19, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2024-24683
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServle... Read more
Affected Products : hop_engine- Published: Mar. 19, 2024
- Modified: Jul. 15, 2025
-
7.8
HIGHCVE-2025-47996
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47998
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-5979
In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argu... Read more
- Published: Jun. 27, 2024
- Modified: Jul. 15, 2025