Latest CVE Feed
-
8.8
HIGH CVE-2025-21222
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2024-46535
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.
Affected Products: jepaas
- Published: Oct. 14, 2024
- Modified: Jul. 03, 2025
-
7.8
HIGH CVE-2025-24060
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
7.8
HIGH CVE-2025-24062
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
7.8
HIGH CVE-2025-24073
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
4.8
MEDIUM CVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.
Affected Products: limesurvey
- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
6.8
MEDIUM CVE-2025-26637
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Affected Products: windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
-
7.8
HIGH CVE-2025-24074
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2025-26635
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
-
8.8
HIGH CVE-2024-42902
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function...
Affected Products: limesurvey
- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
7.5
HIGH CVE-2024-41435
YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.
Affected Products: yugabytedb
- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
7.5
HIGH CVE-2024-41436
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
Affected Products: clickhouse
- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
7.8
HIGH CVE-2025-26639
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
9.1
CRITICAL CVE-2024-42885
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
Affected Products: cdg
- Published: Sep. 05, 2024
- Modified: Jul. 03, 2025
-
6.3
MEDIUM CVE-2024-42759
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.
Affected Products: ellevo
- Published: Sep. 09, 2024
- Modified: Jul. 03, 2025
-
6.1
MEDIUM CVE-2024-44085
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 ...
Affected Products: onlyoffice
- Published: Sep. 09, 2024
- Modified: Jul. 03, 2025
-
8.8
HIGH
- Published: Sep. 10, 2024
- Modified: Jul. 03, 2025
-
9.8
CRITICAL CVE-2025-39499
Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.
Affected Products:
- Published: May. 23, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2024-34198
TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTT...
- Published: Aug. 28, 2024
- Modified: Jul. 03, 2025
-
7.4
HIGH CVE-2025-21399
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability...
- Published: Jan. 17, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization