Latest CVE Feed
-
4.3
MEDIUMCVE-2025-1112
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.... Read more
- Published: Jul. 09, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2024-12433
A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication wit... Read more
Affected Products : ragflow- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-27369
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to ob... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2024-12332
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient prepar... Read more
Affected Products : wpschoolpress- Published: Jan. 07, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2024-12070
A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sen... Read more
Affected Products : large_language_and_vision_assistant- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Denial of Service
-
7.6
HIGHCVE-2024-11824
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like <input> and <form> are not disallowed, allowing an attacker to ... Read more
- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-47993
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-47991
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47987
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47986
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-11219
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers ... Read more
Affected Products : otter_blocks- Published: Nov. 27, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47985
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-11449
A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted r... Read more
Affected Products : large_language_and_vision_assistant- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-47984
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-47982
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-47981
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-47980
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-47978
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2025- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
-
6.1
MEDIUMCVE-2024-11684
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping... Read more
Affected Products : kudos_donations- Published: Nov. 28, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47159
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization