Latest CVE Feed
-
8.5
HIGHCVE-2025-7329
A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering a... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-7330
A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admi... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-55688
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-55689
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-55690
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-55691
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.8
HIGHCVE-2025-55692
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.4
HIGHCVE-2025-55693
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.8
HIGHCVE-2025-55694
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
5.5
MEDIUMCVE-2025-55695
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.8
HIGHCVE-2025-55696
Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.8
HIGHCVE-2025-55697
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.5
HIGHCVE-2025-61234
Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sendi... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-60595
SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
-
6.5
MEDIUMCVE-2025-60542
SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.... Read more
Affected Products : typeorm- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12309
A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely... Read more
Affected Products : nero_social_networking_site- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-12311
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be la... Read more
Affected Products : curfew_e-pass_management_system- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12312
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotel... Read more
Affected Products : curfew_e-pass_management_system- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-12314
A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. Remote exploitation of the attack ... Read more
Affected Products : food_ordering_system- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12315
A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing manipulation of the argument itemPrice can lead to sql injection. The attack can be executed remotely. The ex... Read more
Affected Products : food_ordering_system- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection