Latest CVE Feed
-
7.5
HIGHCVE-2025-26641
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
7.0
HIGHCVE-2025-26640
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24058
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2024-4192
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. ... Read more
Affected Products : cncsoft-g2- Published: Apr. 30, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2025-21221
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-21205
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-21203
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-21197
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-24986
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2024-41380
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.... Read more
- Published: Aug. 05, 2024
- Modified: Jul. 10, 2025
-
6.1
MEDIUMCVE-2024-41381
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.... Read more
- Published: Aug. 05, 2024
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2025-27738
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
9.1
CRITICALCVE-2024-3279
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database fi... Read more
Affected Products : anythingllm- Published: Aug. 12, 2024
- Modified: Jul. 10, 2025
-
8.6
HIGHCVE-2025-27737
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2017-5975
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.... Read more
- Published: Mar. 01, 2017
- Modified: Jul. 10, 2025
-
3.3
LOWCVE-2020-18442
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".... Read more
- Published: Jun. 18, 2021
- Modified: Jul. 10, 2025
-
5.5
MEDIUMCVE-2017-5979
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.... Read more
- Published: Mar. 01, 2017
- Modified: Jul. 10, 2025
-
5.5
MEDIUMCVE-2017-5980
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.... Read more
- Published: Mar. 01, 2017
- Modified: Jul. 10, 2025
-
5.5
MEDIUMCVE-2017-5977
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.... Read more
- Published: Mar. 01, 2017
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2018-16548
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.... Read more
- Published: Sep. 05, 2018
- Modified: Jul. 10, 2025