Latest CVE Feed
-
5.3
MEDIUM CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviou...
Affected Products : jetty
- Published: Oct. 14, 2024
- Modified: Jul. 10, 2025
-
7.5
HIGH CVE-2025-29810
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
9.8
CRITICAL CVE-2025-3466
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as pa...
- Published: Jul. 07, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUM CVE-2025-24069
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUM CVE-2025-53377
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious s...
Affected Products : wegia
- Published: Jul. 07, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting
-
8.0
HIGH CVE-2025-26646
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
Affected Products : linux_kernel macos visual_studio .net windows visual_studio_2022 build_tools_for_visual_studio_2022 build_tools
- Published: May. 13, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Path Traversal
-
7.3
HIGH CVE-2025-29803
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
- Published: Apr. 12, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
6.2
MEDIUM CVE-2025-29819
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
Affected Products : windows_admin_center
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Path Traversal
-
7.8
HIGH CVE-2025-29812
Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-29811
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
9.8
CRITICAL CVE-2025-29331
An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates...
Affected Products : 3x-ui
- Published: Jun. 26, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGH CVE-2025-29809
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUM CVE-2025-4966
The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenti...
Affected Products : wp_online_users_stats
- Published: Jun. 06, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.9
MEDIUM CVE-2025-4964
The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat...
Affected Products : wp_online_users_stats
- Published: Jun. 06, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Injection
-
6.4
MEDIUM CVE-2025-5341
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and ‘data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input saniti...
- Published: Jun. 05, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGH
- Published: Jan. 14, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authentication
-
5.5
MEDIUM CVE-2025-29808
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Affected Products : windows_server_2022
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cryptography
-
7.5
HIGH CVE-2025-29805
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.
Affected Products : outlook
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGH CVE-2025-30399
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
- Published: Jun. 13, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
8.0
HIGH CVE-2025-52995
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more ...
Affected Products : filebrowser
- Published: Jun. 30, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization