Latest CVE Feed
-
7.4
HIGHCVE-2025-59210
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-59209
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.1
HIGHCVE-2025-59208
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-59211
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUMCVE-2025-59214
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59241
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUMCVE-2025-59244
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59242
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-59192
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
8.8
HIGHCVE-2025-62428
Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Injection
-
6.7
MEDIUMCVE-2025-62423
ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting this vulnerability requires access privileges to... Read more
Affected Products : clipbucket- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-62418
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malici... Read more
Affected Products : bagisto- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-62417
Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet wil... Read more
Affected Products : bagisto- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-62416
Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows... Read more
Affected Products : bagisto- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-62415
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malic... Read more
Affected Products : bagisto- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-62414
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious Jav... Read more
Affected Products : bagisto- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Cross-Site Scripting
-
2.8
LOWCVE-2025-60361
radare2 v5.9.8 and before contains a memory leak in the function bochs_open.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Memory Corruption
-
3.3
LOWCVE-2025-60360
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Memory Corruption
-
4.0
MEDIUMCVE-2025-60359
radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-55085
In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Memory Corruption