Latest CVE Feed
-
6.6
MEDIUMCVE-2025-4605
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.... Read more
- Published: Jun. 11, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-2497
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : revit- Published: Apr. 15, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1660
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
- Published: Apr. 01, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1659
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more
- Published: Apr. 01, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1658
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more
- Published: Apr. 01, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1656
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the co... Read more
Affected Products : revit- Published: Apr. 15, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1652
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1651
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1650
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the conte... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-1649
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the conte... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
-
10.0
HIGHCVE-2020-13117
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.... Read more
- EPSS Score: %92.08
- Published: Feb. 09, 2021
- Modified: Aug. 19, 2025
-
5.7
MEDIUMCVE-2025-53138
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
7.0
HIGHCVE-2025-53137
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
5.5
MEDIUMCVE-2025-53136
Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
7.0
HIGHCVE-2025-53135
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
7.0
HIGHCVE-2025-53134
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
6.5
MEDIUMCVE-2024-45420
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.... Read more
- Published: Nov. 19, 2024
- Modified: Aug. 19, 2025
-
7.5
HIGHCVE-2024-45422
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.... Read more
- Published: Nov. 19, 2024
- Modified: Aug. 19, 2025
-
7.6
HIGHCVE-2024-56335
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user ac... Read more
Affected Products : vaultwarden- Published: Dec. 20, 2024
- Modified: Aug. 19, 2025
-
8.4
HIGHCVE-2025-46269
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker c... Read more
- Published: Aug. 18, 2025
- Modified: Aug. 19, 2025