Latest CVE Feed
-
7.8
HIGHCVE-2025-60703
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59515
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.8
HIGHCVE-2025-59514
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
5.5
MEDIUMCVE-2025-59513
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_server_2008_r2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.8
HIGHCVE-2025-59512
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.8
HIGHCVE-2025-59511
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
5.5
MEDIUMCVE-2025-59510
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_server_2012_r2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
5.5
MEDIUMCVE-2025-59509
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.8
HIGHCVE-2025-59505
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.3
HIGHCVE-2025-59504
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.... Read more
Affected Products : azure_monitor- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
8.8
HIGHCVE-2025-59499
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
5.5
MEDIUMCVE-2025-59240
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
6.7
MEDIUMCVE-2025-47179
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
6.3
MEDIUMCVE-2025-43079
The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script... Read more
Affected Products :- Published: Nov. 10, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2025-30398
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
4.8
MEDIUMCVE-2025-12942
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.... Read more
Affected Products : r6260_firmware- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-61832
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a ... Read more
Affected Products : indesign- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Memory Corruption