Latest CVE Feed
-
7.8
HIGHCVE-2025-54907
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2024 office_2021 office_2019- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.1
HIGHCVE-2025-54905
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54904
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54903
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54900
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54906
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 office_2016 sharepoint_server_2019 office_2024 +2 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
6.5
MEDIUMCVE-2025-47997
Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54896
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
8.8
HIGHCVE-2025-54897
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54898
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54899
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-58322
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.... Read more
- Published: Aug. 28, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be la... Read more
- Published: Aug. 28, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10233
A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiate... Read more
Affected Products : kodbox- Published: Sep. 10, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-40687
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-40689
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'.... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-40690
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'.... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-40691
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-40692
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'.... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-40693
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and ... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting