Latest CVE Feed
-
7.8
HIGHCVE-2025-47962
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_software_development_kit- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-47956
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.... Read more
Affected Products : windows_security_app- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Path Traversal
-
7.8
HIGHCVE-2025-47955
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-47160
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-33075
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-26688
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-26687
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +11 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21204
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-26665
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-26666
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-26667
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-26673
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-26679
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-26680
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Denial of Service
-
6.7
MEDIUMCVE-2025-26681
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-26682
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-26686
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.2
HIGHCVE-2025-1913
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter This m... Read more
Affected Products : product_import_export_for_woocommerce- Published: Mar. 26, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-3040
A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted... Read more
Affected Products : online_time_table_generator- Published: Mar. 31, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-3041
A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible t... Read more
Affected Products : online_time_table_generator- Published: Apr. 01, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication