Latest CVE Feed
-
6.7
MEDIUMCVE-2025-47179
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.3
HIGHCVE-2025-59504
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
8.8
HIGHCVE-2025-59499
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.1
HIGHCVE-2025-60726
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
6.5
MEDIUMCVE-2025-60722
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : onedrive- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
6.5
MEDIUMCVE-2024-44630
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, cou... Read more
Affected Products : student_record_system- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-60724
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +12 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
5.5
MEDIUMCVE-2025-62208
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +5 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
6.3
MEDIUMCVE-2025-60723
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
5.5
MEDIUMCVE-2025-62209
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +5 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
5.5
MEDIUMCVE-2025-59240
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : office 365_apps excel office_long_term_servicing_channel excel_2016 office_2024 office_2021 office_2019- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
6.5
MEDIUMCVE-2024-44632
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php.... Read more
Affected Products : student_record_system- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2024-44633
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.... Read more
Affected Products : student_record_system- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-62213
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
0.0
NACVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations.... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbit... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: XML External Entity
-
6.5
MEDIUMCVE-2025-63916
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system c... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-63708
Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism wh... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-62876
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4.... Read more
Affected Products : opensuse- Published: Nov. 12, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-62519
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbi... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection