Latest CVE Feed
-
7.8
HIGHCVE-2025-54244
Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more
Affected Products : substance_3d_viewer- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54243
Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more
Affected Products : substance_3d_viewer- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-55227
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.5
HIGHCVE-2025-54919
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
8.4
HIGHCVE-2025-54910
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54908
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps powerpoint office_long_term_servicing_channel office_2024 office_2021 office_2019 powerpoint_2016- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54907
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2024 office_2021 office_2019- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.1
HIGHCVE-2025-54905
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54904
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54903
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54900
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54906
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 office_2016 sharepoint_server_2019 office_2024 +2 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
6.5
MEDIUMCVE-2025-47997
Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54896
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
8.8
HIGHCVE-2025-54897
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54898
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54899
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-58322
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.... Read more
- Published: Aug. 28, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be la... Read more
- Published: Aug. 28, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10233
A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiate... Read more
Affected Products : kodbox- Published: Sep. 10, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Path Traversal