Latest CVE Feed
-
6.5
MEDIUM CVE-2025-24054
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Actively Exploited
- Published: Mar. 11, 2025
- Modified: May. 29, 2025
- Vuln Type: Path Traversal
-
8.8
HIGH CVE-2025-24051
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-24050
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 +4 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGH CVE-2025-24049
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Injection
-
7.8
HIGH CVE-2025-24048
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 +4 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-24046
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGH CVE-2025-24045
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-24044
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGH CVE-2025-24043
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
Affected Products: windbg
- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cryptography
-
8.1
HIGH CVE-2025-24035
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGH CVE-2025-22213
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.
Affected Products: joomla\!
- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Authentication
-
4.3
MEDIUM CVE-2025-21247
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Path Traversal
-
6.7
MEDIUM CVE-2025-21199
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authorization
-
7.8
HIGH CVE-2025-21180
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-21169
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi...
Affected Products: substance_3d_designer
- Published: Mar. 11, 2025
- Modified: Apr. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGH CVE-2025-0149
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
- Published: Mar. 11, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Denial of Service
-
7.8
HIGH CVE-2024-9157
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID ...
Affected Products:
- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUM CVE-2024-56338
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...
Affected Products: sterling_b2b_integrator
- Published: Mar. 11, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUM CVE-2025-27617
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
Affected Products: pimcore
- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Injection
-
4.9
MEDIUM CVE-2025-27602
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or...
Affected Products: umbraco_cms
- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Authorization