Latest CVE Feed
-
6.8
MEDIUMCVE-2025-4663
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is inv... Read more
Affected Products :- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-47135
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requir... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-30312
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a m... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-0928
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the d... Read more
Affected Products : juju- Published: Jul. 08, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-7187
A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack rem... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-7186
A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-53513
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain acc... Read more
Affected Products : juju- Published: Jul. 08, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-53512
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.... Read more
Affected Products : juju- Published: Jul. 08, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authorization
-
3.5
LOWCVE-2025-49760
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Path Traversal
-
3.3
LOWCVE-2025-49756
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : 365_apps- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cryptography
-
8.8
HIGHCVE-2025-49753
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-49744
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49742
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-49740
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-49739
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : visual_studio_2017 visual_studio_2019 visual_studio visual_studio_2022 visual_studio_2015- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-49738
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : pc_manager- Published: Jul. 08, 2025
- Modified: Jul. 23, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-49737
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : teams- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Race Condition
-
8.1
HIGHCVE-2025-49735
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49733
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-49732
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption