Latest CVE Feed
-
8.4
HIGHCVE-2025-24049
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-24048
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 +4 more products- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24046
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-24045
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24044
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-24043
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.... Read more
Affected Products : windbg- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cryptography
-
8.1
HIGHCVE-2025-24035
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-22213
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.... Read more
Affected Products : joomla\!- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-21247
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Path Traversal
-
6.7
MEDIUMCVE-2025-21199
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-21180
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21169
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more
Affected Products : substance_3d_designer- Published: Mar. 11, 2025
- Modified: Apr. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-0149
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.... Read more
- Published: Mar. 11, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2024-9157
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID ... Read more
Affected Products :- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2024-56338
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended... Read more
Affected Products : sterling_b2b_integrator- Published: Mar. 11, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-27617
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.... Read more
Affected Products : pimcore- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-27602
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or... Read more
Affected Products : umbraco_cms- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-27601
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and upda... Read more
Affected Products : umbraco_cms- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-25747
Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint... Read more
Affected Products : hoteldruid- Published: Mar. 11, 2025
- Modified: May. 28, 2025
- Vuln Type: Cross-Site Scripting
-
7.7
HIGHCVE-2025-25680
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially cra... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authentication