Latest CVE Feed
-
5.5
MEDIUMCVE-2025-53804
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +5 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.5
MEDIUMCVE-2025-54095
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.5
MEDIUMCVE-2025-53803
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +5 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
4.3
MEDIUMCVE-2025-55052
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-58984
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.... Read more
Affected Products : welcart_e-commerce- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-43781
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web sc... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-54913
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
10.0
CRITICALCVE-2025-55729
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execut... Read more
Affected Products : pro_macros- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-54097
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54092
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.5
MEDIUMCVE-2025-58989
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from n/a through 1.0.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-36011
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site th... Read more
Affected Products : jazz_for_service_management- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-54099
Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54111
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.3
HIGHCVE-2025-54116
Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54102
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 +2 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.7
MEDIUMCVE-2025-54094
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.5
HIGHCVE-2025-53805
Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
8.6
HIGHCVE-2025-58430
listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the backend... Read more
Affected Products : listmonk- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.8
HIGHCVE-2025-54894
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025