Latest CVE Feed
-
7.0
HIGHCVE-2025-54093
Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.7
MEDIUMCVE-2025-53810
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.5
MEDIUMCVE-2025-53804
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +5 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54092
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.5
MEDIUMCVE-2025-54097
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54913
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.9
MEDIUMCVE-2025-58984
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.... Read more
Affected Products : welcart_e-commerce- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-55052
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-54091
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +5 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.5
HIGHCVE-2025-55243
Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : officeplus- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.0
HIGHCVE-2025-54105
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54111
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
4.9
MEDIUMCVE-2025-58977
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.... Read more
Affected Products : wp_ebay_product_feeds- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Server-Side Request Forgery
-
8.6
HIGHCVE-2025-58430
listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the backend... Read more
Affected Products : listmonk- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.8
HIGHCVE-2025-53801
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
9.8
CRITICALCVE-2025-55232
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : microsoft_hpc_pack_2019- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.0
HIGHCVE-2025-53807
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.1
MEDIUMCVE-2025-55054
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-58462
OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.... Read more
Affected Products : foiaxpress_public_access_link- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Injection
-
9.0
HIGHCVE-2025-10169
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affected by this issue is some unknown functionality of the file /goform/ConfigWirelessBase. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remote... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Memory Corruption