Latest CVE Feed
-
6.5
MEDIUMCVE-2025-9227
Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.... Read more
Affected Products : manageengine_opmanager- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-26405
Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enabl... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-13014
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2025-12944
Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed i... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-24848
Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity at... Read more
Affected Products : computing_improvement_program- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
7.4
HIGHCVE-2025-35967
Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity a... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
2.0
LOWCVE-2025-24862
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a... Read more
Affected Products : computing_improvement_program- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-59505
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
5.5
MEDIUMCVE-2025-59513
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_server_2008_r2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
9.8
CRITICALCVE-2025-8324
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.... Read more
Affected Products : manageengine_analytics_plus- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-7632
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.... Read more
Affected Products : manageengine_exchange_reporter_plus- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-7633
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.... Read more
Affected Products : manageengine_exchange_reporter_plus- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-60723
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-60713
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_23h2 windows_server_2025- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-60718
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
8.7
HIGHCVE-2025-62211
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.... Read more
Affected Products : dynamics_365- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
0.0
NACVE-2025-40115
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged with dev_printk() against &mpt3sas_port->port->dev. At... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration