Latest CVE Feed
-
7.7
HIGHCVE-2025-55698
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
5.5
MEDIUMCVE-2025-55699
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
6.5
MEDIUMCVE-2025-55700
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
0.0
NACVE-2025-63467
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-63466
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-60749
DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-12554
Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration
-
10.0
CRITICALCVE-2025-12553
Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-12552
Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-12509
On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.... Read more
Affected Products : brain2- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-12508
When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.... Read more
Affected Products : brain2- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cryptography
-
8.8
HIGHCVE-2025-12507
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.... Read more
Affected Products : _connect.brain- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration
-
8.3
HIGHCVE-2025-12357
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-55701
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
7.8
HIGHCVE-2025-58714
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
8.8
HIGHCVE-2025-58715
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
8.8
HIGHCVE-2025-58716
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
6.5
MEDIUMCVE-2025-58717
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
8.8
HIGHCVE-2025-58718
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +15 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
8.3
HIGHCVE-2025-64389
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cryptography