Latest CVE Feed
-
10.0
CRITICALCVE-2025-54261
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. Scope is changed.... Read more
Affected Products : coldfusion- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-9387
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os com... Read more
- Published: Aug. 24, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-9389
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly ... Read more
Affected Products : vim- Published: Aug. 24, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-9390
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit h... Read more
Affected Products : vim- Published: Aug. 24, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54245
Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more
Affected Products : substance_3d_viewer- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54244
Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more
Affected Products : substance_3d_viewer- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54243
Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more
Affected Products : substance_3d_viewer- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-9391
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated ... Read more
Affected Products : zhiyou_erp- Published: Aug. 24, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-55227
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.5
HIGHCVE-2025-54919
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
8.4
HIGHCVE-2025-54910
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54908
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps powerpoint office_long_term_servicing_channel office_2024 office_2021 office_2019 powerpoint_2016- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54907
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2024 office_2021 office_2019- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.1
HIGHCVE-2025-54905
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54904
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54903
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54900
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54906
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 office_2016 sharepoint_server_2019 office_2024 +2 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
6.5
MEDIUMCVE-2025-47997
Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54896
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025