Latest CVE Feed
-
6.5
MEDIUMCVE-2025-29835
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
7.7
HIGHCVE-2025-29833
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-29832
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-29831
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-29830
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-29829
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-29826
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : dataverse- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authorization
-
6.7
MEDIUMCVE-2025-27488
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_21h1 windows_10_2004 windows_11_24h2 +13 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-27468
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-26685
Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.... Read more
Affected Products : defender_for_identity- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authentication
-
6.7
MEDIUMCVE-2025-26684
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : defender_for_endpoint- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-26677
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-24063
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-21264
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-0035
Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2024-6364
A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate... Read more
Affected Products : persistence- Published: May. 13, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2024-36339
A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2024-36321
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2024-21960
Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.... Read more
Affected Products : endpoint_manager_mobile- Actively Exploited
- Published: May. 13, 2025
- Modified: May. 21, 2025
- Vuln Type: Authentication