Latest CVE Feed
-
8.8
HIGHCVE-2025-61591
Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during ... Read more
Affected Products : cursor- Published: Oct. 03, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-61590
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings ... Read more
Affected Products : cursor- Published: Oct. 03, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Misconfiguration
-
8.3
HIGHCVE-2025-60880
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admi... Read more
Affected Products : bagisto- Published: Oct. 10, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-55320
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.... Read more
Affected Products : configuration_manager_2503 configuration_manager_2409 configuration_manager_2403- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
9.6
CRITICALCVE-2025-9804
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operatio... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-57389
A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload. This vulnerability was fixed in... Read more
Affected Products :- Published: Oct. 01, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-59261
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUMCVE-2025-59252
M365 Copilot Spoofing Vulnerability... Read more
Affected Products : 365_word_copilot- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
8.7
HIGH- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUM- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
7.3
HIGHCVE-2025-55240
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUM- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
8.4
HIGHCVE-2025-59213
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : configuration_manager_2503 configuration_manager_2409 configuration_manager_2403- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59281
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : xbox_gaming_services- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
8.2
HIGHCVE-2025-59291
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_compute_gallery- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
8.2
HIGHCVE-2025-59292
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_compute_gallery- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
8.8
HIGHCVE-2025-59295
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.7
HIGHCVE-2025-59200
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59201
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.0
HIGHCVE-2025-59202
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025