Latest CVE Feed
-
7.8
HIGHCVE-2025-26648
Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-26647
Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2023-30464
CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.... Read more
Affected Products : coredns- Published: Sep. 18, 2024
- Modified: Jul. 10, 2025
-
5.1
MEDIUMCVE-2025-26644
Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authentication
-
7.4
HIGHCVE-2024-41262
mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack.... Read more
Affected Products : immudb- Published: Jul. 31, 2024
- Modified: Jul. 10, 2025
-
7.5
HIGHCVE-2025-26641
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
7.0
HIGHCVE-2025-26640
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24058
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2024-4192
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. ... Read more
Affected Products : cncsoft-g2- Published: Apr. 30, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2025-21221
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-21205
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-21203
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-21197
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-24986
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2024-41380
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.... Read more
- Published: Aug. 05, 2024
- Modified: Jul. 10, 2025
-
6.1
MEDIUMCVE-2024-41381
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.... Read more
- Published: Aug. 05, 2024
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2025-27738
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
9.1
CRITICALCVE-2024-3279
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database fi... Read more
Affected Products : anythingllm- Published: Aug. 12, 2024
- Modified: Jul. 10, 2025
-
8.6
HIGHCVE-2025-27737
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2018-16548
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.... Read more
- EPSS Score: %0.50
- Published: Sep. 05, 2018
- Modified: Jul. 10, 2025