Latest CVE Feed
- CVE-2025-26485 (5.8 MEDIUM)
  A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). The difference in the returned error messages could be used by att...
  - Affected Products:
  - Published: Mar. 19, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Authentication
- CVE-2023-40735 (7.5 HIGH)
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-0...
  - Affected Products: butterfly_button
  - Published: Aug. 21, 2023
  - Modified: Jul. 02, 2025
- CVE-2023-32002 (9.8 CRITICAL)
  The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x...
  - Affected Products: node.js
  - Published: Aug. 21, 2023
  - Modified: Jul. 02, 2025
- CVE-2022-37050 (6.5 MEDIUM)
  In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerabili...
  - Published: Aug. 22, 2023
  - Modified: Jul. 02, 2025
- CVE-2025-48941 (5.3 MEDIUM)
  MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specifi...
  - Affected Products: mybb
  - Published: Jun. 02, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Authorization
- CVE-2025-24064 (8.1 HIGH)
  Use after free in DNS Server allows an unauthorized attacker to execute code over a network....
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
- CVE-2024-36486 (7.8 HIGH)
  A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and write...
  - Affected Products: parallels_desktop
  - Published: Jun. 03, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Authorization
- CVE-2025-24066 (7.8 HIGH)
  Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally....
  - Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
- CVE-2025-24081 (7.8 HIGH)
  Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....
  - Affected Products: office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-24075 (7.8 HIGH)
  Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally....
  - Affected Products: office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-24083 (7.8 HIGH)
  Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally....
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-24080 (7.8 HIGH)
  Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....
  - Affected Products: office 365_apps office_long_term_servicing_channel office_2016 office_2024 office_2021 office_2019
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
- CVE-2025-24082 (7.8 HIGH)
  Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....
  - Affected Products: office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
- CVE-2024-52561 (7.8 HIGH)
  A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files....
  - Affected Products: parallels_desktop
  - Published: Jun. 03, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Authorization
- CVE-2024-54189 (7.8 HIGH)
  A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard lin...
  - Affected Products: parallels_desktop
  - Published: Jun. 03, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Authorization
- CVE-2025-31359 (8.8 HIGH)
  A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege es...
  - Affected Products: parallels_desktop
  - Published: Jun. 03, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Path Traversal
- CVE-2025-5382 (6.8 MEDIUM)
  Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA....
  - Affected Products: devolutions_server
  - Published: Jun. 05, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Authorization
- CVE-2025-24078 (7.0 HIGH)
  Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-24077 (7.8 HIGH)
  Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....
  - Affected Products: office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024
  - Published: Mar. 11, 2025
  - Modified: Jul. 02, 2025
- CVE-2025-5493 (9.8 CRITICAL)
  A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. The manipulation of the argument data leads to sql injec...
  - Affected Products: channel_middleware_product
  - Published: Jun. 03, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Injection