Latest CVE Feed
-
6.5
MEDIUMCVE-2025-11905
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploi... Read more
Affected Products : chancms- Published: Oct. 17, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-59261
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUMCVE-2025-59252
M365 Copilot Spoofing Vulnerability... Read more
Affected Products : 365_word_copilot- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
8.7
HIGH- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUM- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
7.3
HIGHCVE-2025-55240
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUM- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
8.4
HIGHCVE-2025-59213
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : configuration_manager_2503 configuration_manager_2409 configuration_manager_2403- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59281
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : xbox_gaming_services- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
8.2
HIGHCVE-2025-59291
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_compute_gallery- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
8.2
HIGHCVE-2025-59292
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_compute_gallery- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
8.8
HIGHCVE-2025-59295
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.7
HIGHCVE-2025-59200
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59201
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.0
HIGHCVE-2025-59202
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59255
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-59203
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.0
HIGHCVE-2025-59205
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-59204
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.4
HIGHCVE-2025-59206
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025