Latest CVE Feed
-
7.8
HIGHCVE-2025-32714
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32713
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32712
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-32710
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.2
HIGHCVE-2025-31104
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 al... Read more
Affected Products : fortiadc- Published: Jun. 10, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-30321
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in ... Read more
- Published: Jun. 10, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-30317
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more
- Published: Jun. 10, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-25250
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full S... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-24471
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-24069
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-24068
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-24065
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-22256
A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted H... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 24, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-22254
An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & F... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-22251
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized session... Read more
Affected Products : fortios- Published: Jun. 10, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-57190
Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.... Read more
Affected Products : erxes- Published: Jun. 10, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2024-57189
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.... Read more
Affected Products : erxes- Published: Jun. 10, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2024-57186
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.... Read more
Affected Products : erxes- Published: Jun. 10, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2024-54019
A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirec... Read more
Affected Products : forticlient- Published: Jun. 10, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Misconfiguration