Latest CVE Feed
-
7.5
HIGHCVE-2025-33050
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-32724
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-33052
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2024-4284
A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's `id` attribute to a value of 0. This issue affects the current version of the software, with the latest commit id `57984fa85c... Read more
Affected Products : anythingllm- Published: May. 19, 2024
- Modified: Jul. 10, 2025
-
6.4
MEDIUMCVE-2024-10172
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and out... Read more
Affected Products : wpbakery_visual_composer_whmcs_elements- Published: Nov. 21, 2024
- Modified: Jul. 10, 2025
-
9.8
CRITICALCVE-2024-5716
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerabi... Read more
Affected Products : unified_secops_platform- Published: Nov. 22, 2024
- Modified: Jul. 10, 2025
-
5.3
MEDIUMCVE-2024-3599
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it p... Read more
Affected Products : wp_cookie_consent- Published: May. 02, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2024-5717
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required t... Read more
Affected Products : unified_secops_platform- Published: Nov. 22, 2024
- Modified: Jul. 10, 2025
-
8.1
HIGHCVE-2024-5718
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required t... Read more
Affected Products : unified_secops_platform- Published: Nov. 22, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2024-5719
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required t... Read more
Affected Products : unified_secops_platform- Published: Nov. 22, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2024-5720
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required t... Read more
Affected Products : unified_secops_platform- Published: Nov. 22, 2024
- Modified: Jul. 10, 2025
-
8.1
HIGHCVE-2024-5721
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required t... Read more
Affected Products : unified_secops_platform- Published: Nov. 22, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2024-5722
Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authent... Read more
Affected Products : unified_secops_platform- Published: Nov. 22, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-33056
Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-33057
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-33064
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-33066
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2025-33069
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cryptography
-
7.1
HIGHCVE-2025-47959
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.... Read more
- Published: Jun. 13, 2025
- Modified: Jul. 10, 2025