Latest CVE Feed
-
7.8
HIGHCVE-2025-27476
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-27475
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-27474
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-27473
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service
-
5.4
MEDIUMCVE-2025-27472
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-27471
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-27470
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service
-
5.4
MEDIUMCVE-2025-7153
A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the ar... Read more
Affected Products : simple_hospital_management_system- Published: Jul. 08, 2025
- Modified: Jul. 08, 2025
-
7.5
HIGHCVE-2025-27469
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2025-2712
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The a... Read more
Affected Products : ufida_erp-nc- Published: Mar. 24, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-27467
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2023-43037
IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.... Read more
Affected Products : maximo_application_suite- Published: Apr. 10, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2024-13337
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setu... Read more
Affected Products : clearfy- Published: Apr. 12, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2024-13338
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclea... Read more
Affected Products : clearfy- Published: Apr. 12, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2025-7120
A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injectio... Read more
Affected Products : complaint_management_system- Published: Jul. 07, 2025
- Modified: Jul. 08, 2025
-
5.3
MEDIUMCVE-2025-3282
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_me... Read more
- Published: Apr. 12, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-3292
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details... Read more
- Published: Apr. 12, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-7121
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection. It is possible ... Read more
Affected Products : complaint_management_system- Published: Jul. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-7122
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack ca... Read more
Affected Products : complaint_management_system- Published: Jul. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-7123
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipulation of the argument cid/uid leads to sql injection. Th... Read more
Affected Products : complaint_management_system- Published: Jul. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Injection