Latest CVE Feed
-
7.8
HIGHCVE-2025-53150
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.0
HIGHCVE-2025-47989
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.1
MEDIUMCVE-2024-44088
Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could l... Read more
Affected Products : geode- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-24052
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October c... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.3
HIGHCVE-2025-25004
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-47979
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
3.1
LOWCVE-2025-59280
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-59260
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.5
MEDIUMCVE-2025-59259
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.2
MEDIUMCVE-2025-59258
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.5
MEDIUMCVE-2025-59257
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-43296
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.... Read more
Affected Products : macos- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-59247
Azure PlayFab Elevation of Privilege Vulnerability... Read more
Affected Products : azure_playfab- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
-
4.0
MEDIUMCVE-2025-21057
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.... Read more
Affected Products : notes- Published: Oct. 10, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-61589
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a t... Read more
Affected Products : cursor- Published: Oct. 03, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Server-Side Request Forgery
-
9.2
CRITICALCVE-2025-59951
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrie... Read more
Affected Products : termix- Published: Oct. 01, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-11599
A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to initiate the att... Read more
Affected Products : online_apartment_visitor_management_system- Published: Oct. 11, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-59428
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection.... Read more
Affected Products : espocrm- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-52615
HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers.... Read more
Affected Products : unica- Published: Oct. 12, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-61582
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission... Read more
Affected Products : ts3_manager- Published: Oct. 01, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service