Latest CVE Feed
-
7.5
HIGHCVE-2025-24043
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.... Read more
Affected Products : windbg- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cryptography
-
8.8
HIGHCVE-2023-4358
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Aug. 15, 2023
- Modified: Jul. 03, 2025
-
5.5
MEDIUMCVE-2023-4104
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerabi... Read more
Affected Products : vpn- Published: Sep. 11, 2023
- Modified: Jul. 03, 2025
-
8.8
HIGHCVE-2023-40072
OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.... Read more
Affected Products : wab-s600-ps_firmware wab-s300_firmware wab-i1750-ps_firmware wab-s1167-ps_firmware wab-s600-ps wab-s300- Published: Aug. 18, 2023
- Modified: Jul. 03, 2025
-
5.3
MEDIUMCVE-2023-32003
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. T... Read more
- Published: Aug. 15, 2023
- Modified: Jul. 03, 2025
-
5.4
MEDIUMCVE-2024-46409
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.... Read more
Affected Products : seeddms- Published: Oct. 04, 2024
- Modified: Jul. 03, 2025
-
8.1
HIGHCVE-2025-24035
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2024-45919
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to una... Read more
Affected Products : solvait- Published: Oct. 07, 2024
- Modified: Jul. 03, 2025
-
4.3
MEDIUMCVE-2025-21247
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-24071
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-21222
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2024-46535
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.... Read more
Affected Products : jepaas- Published: Oct. 14, 2024
- Modified: Jul. 03, 2025
-
7.8
HIGHCVE-2025-24060
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-24062
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-24073
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.... Read more
Affected Products : limesurvey- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025
-
6.8
MEDIUMCVE-2025-26637
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-24074
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-26635
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2024-42902
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function... Read more
Affected Products : limesurvey- Published: Sep. 03, 2024
- Modified: Jul. 03, 2025