Latest CVE Feed
-
5.9
MEDIUMCVE-2025-58984
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.... Read more
Affected Products : welcart_e-commerce- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-55052
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-54096
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
8.6
HIGHCVE-2025-58430
listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the backend... Read more
Affected Products : listmonk- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-54099
Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.5
MEDIUMCVE-2025-54095
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-53800
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 +2 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
8.8
HIGHCVE-2025-54918
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-53801
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54916
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.5
HIGHCVE-2025-55243
Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : officeplus- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.5
MEDIUMCVE-2025-54901
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
9.0
HIGHCVE-2025-10170
A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-54709
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Path Traversal
-
7.6
HIGHCVE-2025-58993
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4.... Read more
Affected Products : tutor_lms- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-58978
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.... Read more
Affected Products : pdf_generator_for_wordpress- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-53807
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.8
MEDIUMCVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Injection
-
6.6
MEDIUMCVE-2025-58131
Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network ... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Race Condition
-
5.8
MEDIUMCVE-2025-8716
In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Misconfiguration