Latest CVE Feed
-
7.3
HIGHCVE-2025-32721
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32718
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32716
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +7 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32714
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32713
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32712
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-32710
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-53004
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigge... Read more
Affected Products : dataease- Published: Jun. 30, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
8.0
HIGHCVE-2025-3467
An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator v... Read more
- Published: Jul. 07, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-5537
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. Thi... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2024-42760
SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.... Read more
Affected Products : ellevo- Published: Sep. 11, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2024-39924
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker... Read more
Affected Products : vaultwarden- Published: Sep. 13, 2024
- Modified: Jul. 10, 2025
-
6.5
MEDIUMCVE-2024-39925
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member... Read more
Affected Products : vaultwarden- Published: Sep. 13, 2024
- Modified: Jul. 10, 2025
-
5.4
MEDIUMCVE-2024-39926
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attack... Read more
Affected Products : vaultwarden- Published: Sep. 13, 2024
- Modified: Jul. 10, 2025
-
8.8
HIGHCVE-2024-42404
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.... Read more
Affected Products : welcart_e-commerce- Published: Sep. 18, 2024
- Modified: Jul. 10, 2025
-
6.1
MEDIUMCVE-2024-45366
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.... Read more
Affected Products : welcart_e-commerce- Published: Sep. 18, 2024
- Modified: Jul. 10, 2025
-
7.5
HIGHCVE-2023-49203
Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.... Read more
Affected Products : dnsserver- Published: Sep. 18, 2024
- Modified: Jul. 10, 2025
-
5.5
MEDIUMCVE-2025-21008
Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.... Read more
Affected Products : android- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2024-36350
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.... Read more
Affected Products :- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure