Latest CVE Feed
-
5.3
MEDIUMCVE-2024-55895
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more
- Published: Mar. 29, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Information Disclosure
-
7.4
HIGHCVE-2025-20202
A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access poin... Read more
Affected Products : ios_xe- Published: May. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service
-
7.0
HIGHCVE-2025-27492
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-49741
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : edge_chromium- Published: Jul. 01, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-27491
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-21384
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.... Read more
Affected Products : azure_health_bot- Published: Apr. 01, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Server-Side Request Forgery
-
8.2
HIGHCVE-2025-3648
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated u... Read more
Affected Products :- Published: Jul. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-27490
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-27486
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-27485
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2025-32726
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : visual_studio_code- Published: Apr. 12, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-29823
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-29822
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel onenote onenote_for_mac onenote_2016 office_macos_2024 office_macos_2021 office_2024 office_2021 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-29820
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : sharepoint_enterprise_server office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 office_2016 office_2024 office_2021 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-3611
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have... Read more
Affected Products : mattermost_server- Published: May. 30, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-27732
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-27130
Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the prod... Read more
Affected Products : welcart_e-commerce- Published: Apr. 01, 2025
- Modified: Jul. 08, 2025
-
7.8
HIGHCVE-2025-27731
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
9.0
CRITICALCVE-2025-47289
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field.... Read more
Affected Products : ce_phoenix_cart- Published: Jun. 02, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-4546
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be lau... Read more
Affected Products : maxkb- Published: May. 11, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Injection