Latest CVE Feed
-
7.8
HIGHCVE-2025-47985
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-47984
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-47982
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-47981
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-47980
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-47978
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2025- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
-
7.8
HIGHCVE-2025-47976
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-47975
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47973
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
-
8.0
HIGHCVE-2025-47972
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-47971
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Memory Corruption
-
8.0
HIGHCVE-2025-47178
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 23, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-47159
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-47109
After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to service... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-43587
After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-43580
Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-33054
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-26636
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2025-21195
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-21168
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this ... Read more
Affected Products : substance_3d_designer- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Information Disclosure