Latest CVE Feed
-
5.7
MEDIUMCVE-2025-50156
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.8
HIGHCVE-2025-50155
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.5
HIGHCVE-2025-50154
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.8
HIGHCVE-2025-50153
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +4 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
7.0
HIGHCVE-2025-49762
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-49761
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
8.8
HIGHCVE-2025-49759
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
8.8
HIGHCVE-2025-49758
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
-
8.8
HIGHCVE-2025-49757
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 19, 2025
-
4.3
MEDIUMCVE-2025-49755
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
6.8
MEDIUMCVE-2025-49751
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
5.4
MEDIUMCVE-2025-49745
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : dynamics_365- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
6.7
MEDIUMCVE-2025-49743
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
4.3
MEDIUMCVE-2025-49736
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : edge- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
8.8
HIGHCVE-2025-49712
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
7.9
HIGHCVE-2025-49707
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 20, 2025
-
5.3
MEDIUMCVE-2025-49559
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature b... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
5.9
MEDIUMCVE-2025-49558
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could explo... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025
-
8.7
HIGHCVE-2025-49557
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into v... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 22, 2025
-
7.5
HIGHCVE-2025-49556
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to... Read more
- Published: Aug. 12, 2025
- Modified: Aug. 15, 2025