Latest CVE Feed
-
8.1
HIGHCVE-2025-24035
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2024-45919
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to una... Read more
Affected Products : solvait- Published: Oct. 07, 2024
- Modified: Jul. 03, 2025
-
4.3
MEDIUMCVE-2025-21247
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-24071
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-21222
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2024-46535
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.... Read more
Affected Products : jepaas- Published: Oct. 14, 2024
- Modified: Jul. 03, 2025
-
7.8
HIGHCVE-2025-24060
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-24062
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-24073
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.... Read more
Affected Products : limesurvey- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
6.8
MEDIUMCVE-2025-26637
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-24074
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-26635
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2024-42902
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function... Read more
Affected Products : limesurvey- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
7.5
HIGHCVE-2024-41435
YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.... Read more
Affected Products : yugabytedb- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
7.5
HIGHCVE-2024-41436
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.... Read more
Affected Products : clickhouse- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
7.8
HIGHCVE-2025-26639
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2024-42885
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.... Read more
Affected Products : cdg- Published: Sep. 05, 2024
- Modified: Jul. 03, 2025
-
6.3
MEDIUMCVE-2024-42759
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.... Read more
Affected Products : ellevo- Published: Sep. 09, 2024
- Modified: Jul. 03, 2025
-
6.1
MEDIUMCVE-2024-44085
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 ... Read more
Affected Products : onlyoffice- Published: Sep. 09, 2024
- Modified: Jul. 03, 2025