Latest CVE Feed
-
9.9
CRITICALCVE-2025-55315
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
5.7
MEDIUMCVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 linux_kernel .net_framework windows_server_2019 macos windows_10_1607 windows_10_1809 windows_10_21h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
7.3
HIGHCVE-2025-55247
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
7.3
HIGHCVE-2025-55240
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUMCVE-2025-54603
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-53782
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.8
HIGHCVE-2025-53768
Use after free in Xbox allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.0
HIGHCVE-2025-53717
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.8
HIGHCVE-2025-53150
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.7
HIGHCVE-2025-53139
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
7.8
HIGHCVE-2025-50175
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-50174
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
7.8
HIGHCVE-2025-50152
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
9.9
CRITICALCVE-2025-49708
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
6.3
MEDIUMCVE-2025-48813
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
-
7.4
HIGHCVE-2025-48004
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
-
7.0
HIGHCVE-2025-47989
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-47979
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.5
MEDIUMCVE-2025-37148
A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2025-37147
A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerab... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication