Latest CVE Feed
-
7.8
HIGHCVE-2025-47168
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-47167
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47166
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
Affected Products : sharepoint_enterprise_server sharepoint_server sharepoint_server_2016 sharepoint_server_2019- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-47165
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-47164
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47163
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
Affected Products : sharepoint_enterprise_server sharepoint_server sharepoint_server_2016 sharepoint_server_2019- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-47162
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27747
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2024-2457
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user sup... Read more
Affected Products : modal_window- Published: Apr. 09, 2024
- Modified: Jul. 09, 2025
-
7.8
HIGHCVE-2025-27746
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office sharepoint_server 365_apps office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27745
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2024-11252
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output esc... Read more
Affected Products : sassy_social_share- Published: Nov. 30, 2024
- Modified: Jul. 09, 2025
-
7.8
HIGHCVE-2025-27744
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-32717
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps- Published: Jun. 11, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-7155
A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to sql inject... Read more
Affected Products : online_notes_sharing_system- Published: Jul. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-6244
The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 du... Read more
Affected Products : essential_addons_for_elementor- Published: Jul. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-7157
A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument username/password leads to sql injection. It is possible to la... Read more
Affected Products : online_note_sharing- Published: Jul. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7161
A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack can be i... Read more
Affected Products : zoo_management_system- Published: Jul. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7162
A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/add-foreigners-ticket.php. The manipulation of the argument cprice leads to sql inject... Read more
Affected Products : zoo_management_system- Published: Jul. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2024-11453
The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insuffi... Read more
Affected Products : gs_pinterest_portfolio- Published: Dec. 03, 2024
- Modified: Jul. 09, 2025