Latest CVE Feed
-
8.8
HIGHCVE-2025-7186
A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-53513
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain acc... Read more
Affected Products : juju- Published: Jul. 08, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-53512
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.... Read more
Affected Products : juju- Published: Jul. 08, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authorization
-
3.5
LOWCVE-2025-49760
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Path Traversal
-
3.3
LOWCVE-2025-49756
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : 365_apps- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cryptography
-
8.8
HIGHCVE-2025-49753
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-49744
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49742
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-49740
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-49739
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : visual_studio_2017 visual_studio_2019 visual_studio visual_studio_2022 visual_studio_2015- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-49738
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : pc_manager- Published: Jul. 08, 2025
- Modified: Jul. 23, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-49737
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : teams- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Race Condition
-
8.1
HIGHCVE-2025-49735
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49733
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49732
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
3.1
LOWCVE-2025-49731
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : teams- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-49730
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Race Condition
-
8.8
HIGHCVE-2025-49729
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-49727
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49726
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption