Latest CVE Feed
-
6.5
MEDIUM CVE-2024-56340
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.
- Affected Products: cognos_analytics
- Published: Feb. 28, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Path Traversal
-
7.1
HIGH CVE-2024-49352
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s...
- Affected Products: cognos_analytics
- Published: Feb. 05, 2025
- Modified: Jul. 02, 2025
- Vuln Type: XML External Entity
-
9.0
CRITICAL CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources,...
- Affected Products: cognos_analytics
- Published: Dec. 20, 2024
- Modified: Jul. 02, 2025
-
5.4
MEDIUM CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
- Affected Products: pg-promise
- Published: Jun. 12, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Injection
-
4.3
MEDIUM CVE-2025-24055
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Information Disclosure
-
8.0
HIGH CVE-2024-40695
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload maliciou...
- Affected Products: cognos_analytics
- Published: Dec. 20, 2024
- Modified: Jul. 02, 2025
-
7.8
HIGH CVE-2025-24057
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-24050
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 +4 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUM CVE-2025-44091
yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.
- Affected Products: crud
- Published: Jun. 12, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGH CVE-2025-24051
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGH CVE-2025-48474
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conv...
- Affected Products: freescout
- Published: May. 29, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Authorization
-
8.8
HIGH CVE-2025-24056
Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGH CVE-2025-48475
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user ...
- Affected Products: freescout
- Published: May. 29, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Authorization
-
7.8
HIGH CVE-2025-24059
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Authorization
-
8.8
HIGH CVE-2025-4433
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups wi...
- Affected Products: devolutions_server
- Published: May. 30, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Authorization
-
9.1
CRITICAL CVE-2025-40908
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...
- Affected Products: yaml-libyaml
- Published: Jun. 01, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGH CVE-2024-25047
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
- Published: May. 02, 2024
- Modified: Jul. 02, 2025
-
9.8
CRITICAL CVE-2025-20672
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257...
- Affected Products: mt7902_firmware mt7921_firmware mt7902 mt7921 mt7927 mt7922 mt7925 mt7922_firmware mt7925_firmware mt7927_firmware
- Published: Jun. 02, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUM CVE-2025-20673
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-33...
- Affected Products: mt7902_firmware mt7921_firmware mt7902 mt7921 mt7927 mt7922 mt7925 mt7922_firmware mt7925_firmware mt7927_firmware
- Published: Jun. 02, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUM CVE-2025-20675
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-33...
- Affected Products: mt7902_firmware mt7921_firmware mt7902 mt7921 mt7927 mt7922 mt7925 mt7922_firmware mt7925_firmware mt7927_firmware
- Published: Jun. 02, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Denial of Service