Latest CVE Feed
-
7.5
HIGHCVE-2024-12070
A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sen... Read more
Affected Products : large_language_and_vision_assistant- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Denial of Service
-
7.6
HIGHCVE-2024-11824
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like <input> and <form> are not disallowed, allowing an attacker to ... Read more
- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-47993
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-47991
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47987
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47986
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-11219
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers ... Read more
Affected Products : otter_blocks- Published: Nov. 27, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47985
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-11449
A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted r... Read more
Affected Products : large_language_and_vision_assistant- Published: Mar. 20, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-47984
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-47982
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-47981
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-47980
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-47978
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2025- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
-
6.1
MEDIUMCVE-2024-11684
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping... Read more
Affected Products : kudos_donations- Published: Nov. 28, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47159
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-47975
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47973
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
-
4.3
MEDIUMCVE-2024-11724
The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX actio... Read more
Affected Products : wp_cookie_consent- Published: Dec. 12, 2024
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47971
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption