Latest CVE Feed
-
7.8
HIGHCVE-2025-30298
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that... Read more
- Published: Apr. 08, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-30297
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more
- Published: Apr. 08, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-30296
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac... Read more
- Published: Apr. 08, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-30295
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ... Read more
- Published: Apr. 08, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-32036
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easil... Read more
- Published: Apr. 08, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-32035
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the act... Read more
Affected Products : dotnetnuke- Published: Apr. 08, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-29824
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Actively Exploited
- Published: Apr. 08, 2025
- Modified: May. 14, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-29823
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-29822
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel onenote onenote_for_mac onenote_2016 office_macos_2024 office_macos_2021 office_2024 office_2021 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-29821
Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.... Read more
- Published: Apr. 08, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-29820
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : sharepoint_enterprise_server office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 office_2016 office_2024 office_2021 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-29819
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_admin_center- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-29816
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : office word 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 word_2016 office_2024 office_2021 +1 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-29812
Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-29811
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-29810
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-29809
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows +5 more products- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-29808
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2022- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-29805
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : outlook- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2025-29804
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization