Latest CVE Feed
-
8.8
HIGHCVE-2025-12733
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval() on unsanitized user-supplied input in the pmxi_if ... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-59840
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe ... Read more
Affected Products : vega- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-64444
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of... Read more
Affected Products :- Published: Nov. 14, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-62483
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-12536
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_tr... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-64710
Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that c... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-62482
Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-13120
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public ... Read more
Affected Products : mruby- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-62217
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-62218
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-62219
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
8.8
HIGHCVE-2025-62220
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
8.8
HIGHCVE-2025-62222
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
8.0
HIGHCVE-2025-62452
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
5.0
MEDIUMCVE-2025-62453
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : visual_studio_code- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
6.5
MEDIUMCVE-2025-43205
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR.... Read more
- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-12125
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-10259
Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets ... Read more
Affected Products : melsec_iq-fx5u-32mt\/es_firmware melsec_iq-fx5u-32mt\/ds_firmware melsec_iq-fx5u-32mt\/ess_firmware melsec_iq-fx5u-32mt\/dss_firmware melsec_iq-fx5u-32mr\/es_firmware melsec_iq-fx5u-32mr\/ds_firmware melsec_iq-fx5u-64mt\/es_firmware melsec_iq-fx5u-64mt\/ds_firmware melsec_iq-fx5u-64mt\/ess_firmware melsec_iq-fx5u-64mt\/dss_firmware +11 more products- Published: Nov. 06, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
7.0
HIGHCVE-2025-62215
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Actively Exploited
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
9.1
CRITICALCVE-2025-12480
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.... Read more
Affected Products : triofox- Actively Exploited
- Published: Nov. 10, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization