Latest CVE Feed
- 
                                
                                6.3MEDIUMCVE-2025-48813Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.... Read more Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 23, 2025
 
- 
                                
                                7.4HIGHCVE-2025-48004Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more - Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
 
- 
                                
                                7.0HIGHCVE-2025-47989Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.... Read more - Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
 
- 
                                
                                5.5MEDIUMCVE-2025-47979Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more - Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
 
- 
                                
                                6.5MEDIUMCVE-2025-37148A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                7.1HIGHCVE-2025-37147A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerab... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
 
- 
                                
                                7.2HIGHCVE-2025-37146A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary com... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
 
- 
                                
                                4.9MEDIUMCVE-2025-37145Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                4.9MEDIUMCVE-2025-37144Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                4.9MEDIUMCVE-2025-37143An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files ... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                4.9MEDIUMCVE-2025-37142Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully cons... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                4.9MEDIUMCVE-2025-37141Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully cons... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                4.9MEDIUMCVE-2025-37140Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully cons... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                6.0MEDIUMCVE-2025-37139A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by rep... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                6.2MEDIUMCVE-2025-37138An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
 
- 
                                
                                6.5MEDIUMCVE-2025-37137Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary ... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                6.5MEDIUMCVE-2025-37136Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary ... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                6.5MEDIUMCVE-2025-37135Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary ... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                7.2HIGHCVE-2025-37134An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user o... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
 
- 
                                
                                7.2HIGHCVE-2025-37133An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user o... Read more Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
 
 
                         
                         
                         
                                             
                                            