Latest CVE Feed
-
7.0
HIGHCVE-2025-54105
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.5
MEDIUMCVE-2025-53803
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +5 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
4.3
MEDIUMCVE-2025-55052
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-58984
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.... Read more
Affected Products : welcart_e-commerce- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-54913
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.5
MEDIUMCVE-2025-54097
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54092
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.7
MEDIUMCVE-2025-53810
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-53801
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-55228
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
8.8
HIGHCVE-2025-54918
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54916
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54098
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.5
MEDIUMCVE-2025-54096
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-53800
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 +2 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.4
MEDIUMCVE-2025-9861
The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'los_showposts' shortcode in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping on user supplied attr... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-36757
It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.... Read more
Affected Products :- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authentication
-
4.4
MEDIUMCVE-2025-43886
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacke... Read more
Affected Products : powerprotect_data_manager- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Path Traversal
-
4.4
MEDIUMCVE-2025-59044
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-43887
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more
Affected Products : powerprotect_data_manager- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authorization