Latest CVE Feed
-
8.1
HIGHCVE-2025-26670
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-26671
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-26672
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2024-1511
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary fi... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
7.8
HIGHCVE-2025-47168
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-47167
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47166
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
Affected Products : sharepoint_enterprise_server sharepoint_server sharepoint_server_2016 sharepoint_server_2019- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-47165
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-47164
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47163
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
Affected Products : sharepoint_enterprise_server sharepoint_server sharepoint_server_2016 sharepoint_server_2019- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-47162
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27747
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2024-2457
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user sup... Read more
Affected Products : modal_window- Published: Apr. 09, 2024
- Modified: Jul. 09, 2025
-
7.8
HIGHCVE-2025-27746
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office sharepoint_server 365_apps office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27745
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2024-11252
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output esc... Read more
Affected Products : sassy_social_share- Published: Nov. 30, 2024
- Modified: Jul. 09, 2025
-
7.8
HIGHCVE-2025-27744
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-32717
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps- Published: Jun. 11, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-7155
A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to sql inject... Read more
Affected Products : online_notes_sharing_system- Published: Jul. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-6244
The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 du... Read more
Affected Products : essential_addons_for_elementor- Published: Jul. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Cross-Site Scripting