Latest CVE Feed
-
9.8
CRITICALCVE-2025-4658
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also appl... Read more
- Published: May. 13, 2025
- Modified: May. 22, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-47280
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email... Read more
Affected Products : umbraco_forms- Published: May. 13, 2025
- Modified: May. 22, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-3757
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.... Read more
Affected Products : openpubkey- Published: May. 13, 2025
- Modified: May. 23, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-32709
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Actively Exploited
- Published: May. 13, 2025
- Modified: May. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32707
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32706
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Actively Exploited
- Published: May. 13, 2025
- Modified: May. 16, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32705
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-32704
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_long_term_servicing_channel excel_2016 office_2024 office_2021 office_2019- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-32703
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32702
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-32701
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Actively Exploited
- Published: May. 13, 2025
- Modified: May. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-30400
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Actively Exploited
- Published: May. 13, 2025
- Modified: May. 16, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-30397
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Actively Exploited
- Published: May. 13, 2025
- Modified: May. 29, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-30394
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-30393
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-30388
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +13 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-30387
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_ai_document_intelligence_studio- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2025-30386
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-30385
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.4
HIGHCVE-2025-30384
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authentication