Latest CVE Feed
-
4.3
MEDIUMCVE-2025-24055
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-24054
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Actively Exploited
- Published: Mar. 11, 2025
- Modified: May. 29, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-24051
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24050
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 +4 more products- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-24049
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-24048
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 +4 more products- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24046
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Published: Mar. 11, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-24045
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24044
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-24043
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.... Read more
Affected Products : windbg- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cryptography
-
8.1
HIGHCVE-2025-24035
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-22213
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.... Read more
Affected Products : joomla\!- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-21247
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Path Traversal
-
6.7
MEDIUMCVE-2025-21199
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.... Read more
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-21180
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Mar. 11, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21169
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more
Affected Products : substance_3d_designer- Published: Mar. 11, 2025
- Modified: Apr. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-0149
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.... Read more
- Published: Mar. 11, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2024-9157
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID ... Read more
Affected Products :- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2024-56338
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended... Read more
Affected Products : sterling_b2b_integrator- Published: Mar. 11, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-27617
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.... Read more
Affected Products : pimcore- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Injection