Latest CVE Feed
-
7.8
HIGHCVE-2025-47987
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47986
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-11219
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers ... Read more
Affected Products : otter_blocks- Published: Nov. 27, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47985
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-11449
A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted r... Read more
Affected Products : large_language_and_vision_assistant- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-47984
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-47982
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-47981
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-47980
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-47978
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2025- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
-
6.1
MEDIUMCVE-2024-11684
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping... Read more
Affected Products : kudos_donations- Published: Nov. 28, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47159
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-47975
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47973
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
-
4.3
MEDIUMCVE-2024-11724
The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX actio... Read more
Affected Products : wp_cookie_consent- Published: Dec. 12, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47971
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47976
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2024-11771
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.... Read more
Affected Products : cloud_services_appliance- Published: Feb. 11, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2025-3100
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insuffici... Read more
Affected Products : wp_project_manager- Published: Apr. 09, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-5528
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output esc... Read more
Affected Products : sassy_social_share- Published: Jun. 07, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Cross-Site Scripting