Latest CVE Feed
-
6.3
MEDIUM CVE-2024-32638
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or highe...
Affected Products : apisix
- Published: May. 02, 2024
- Modified: Jul. 10, 2025
-
8.4
HIGH CVE-2025-33067
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.5
HIGH CVE-2025-33068
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
7.8
HIGH CVE-2025-26648
Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGH CVE-2025-26647
Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.5
HIGH CVE-2023-30464
CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.
Affected Products : coredns
- Published: Sep. 18, 2024
- Modified: Jul. 10, 2025
-
5.1
MEDIUM CVE-2025-26644
Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authentication
-
7.4
HIGH CVE-2024-41262
immudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack.
Affected Products : immudb
- Published: Jul. 31, 2024
- Modified: Jul. 10, 2025
-
7.5
HIGH CVE-2025-26641
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
7.0
HIGH CVE-2025-26640
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-24058
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGH CVE-2024-4192
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Affected Products : cncsoft-g2
- Published: Apr. 30, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGH CVE-2025-21221
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGH CVE-2025-21205
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUM CVE-2025-21203
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUM CVE-2025-21197
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2025-24986
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
- Published: Mar. 11, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUM CVE-2024-41380
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.
- Published: Aug. 05, 2024
- Modified: Jul. 10, 2025
-
6.1
MEDIUM CVE-2024-41381
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.
- Published: Aug. 05, 2024
- Modified: Jul. 10, 2025
-
6.5
MEDIUM CVE-2025-27738
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure