Latest CVE Feed
-
7.0
HIGHCVE-2025-53802
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.8
HIGHCVE-2025-53801
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +2 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.8
HIGHCVE-2025-53800
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
9.8
CRITICALCVE-2025-10459
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remote... Read more
- Published: Sep. 15, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-53799
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +10 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.5
MEDIUMCVE-2025-53798
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.3
MEDIUMCVE-2025-49089
wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd.... Read more
- Published: Sep. 15, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names thr... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-59475
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by li... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-53797
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.5
MEDIUMCVE-2025-53796
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.0
HIGHCVE-2025-49734
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 powershell windows_11_23h2 +4 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
5.3
MEDIUMCVE-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, fol... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-11113
A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is no... Read more
Affected Products : online_leave_application- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-11109
A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to init... Read more
Affected Products : computer_sales_and_inventory_system- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-11110
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument school_year results in sql injection. It is possible t... Read more
Affected Products : online_learning_management_system- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-11111
A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remot... Read more
Affected Products : advanced_online_voting_system- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11114
A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be... Read more
Affected Products : online_leave_application- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-53807
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.5
MEDIUMCVE-2025-53806
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025