Latest CVE Feed
-
5.4
MEDIUMCVE-2025-40694
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fromdate' and 'todate' parameters via POST at the endpoint '/ofrs/admin/bwdat... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-40695
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-40696
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fullname', 'location' and 'message' parameters via POST at the endpoint '/ofr... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-54258
Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must o... Read more
Affected Products : substance_3d_modeler- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54259
Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more
Affected Products : substance_3d_modeler- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54260
Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to... Read more
Affected Products : substance_3d_modeler- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-55226
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
6.5
MEDIUMCVE-2025-55225
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-55224
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.0
HIGHCVE-2025-55223
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-55317
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : autoupdate- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-55316
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : azure_connected_machine_agent- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-55245
Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : xbox_gaming_services- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-55236
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
9.8
CRITICALCVE-2025-55234
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already ... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
5.5
MEDIUMCVE-2025-54241
After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim mus... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-54240
After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim mus... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-54239
After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim mus... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-54251
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited un... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: XML External Entity
-
4.9
MEDIUMCVE-2025-54250
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and ... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authorization