Latest CVE Feed
-
4.3
MEDIUMCVE-2025-12087
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlm_remove_added_wishlist_page' AJAX action due to missing validation on a user ... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-62206
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : dynamics_365- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
4.3
MEDIUMCVE-2025-60728
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
9.8
CRITICALCVE-2025-60724
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +9 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.1
HIGHCVE-2025-62202
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-60719
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
5.5
MEDIUMCVE-2025-60706
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.5
HIGHCVE-2025-60704
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-60705
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
8.0
HIGHCVE-2025-60715
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-62200
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
4.3
MEDIUMCVE-2025-12113
The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgai_delete_api_key() function in all versions up to, and including, 1.8... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
2.1
LOWCVE-2025-3717
When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being us... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
8.5
HIGHCVE-2024-32010
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the data... Read more
Affected Products : spectrum_power_4- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-40144
In the Linux kernel, the following vulnerability has been resolved: nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() devm_kcalloc() may fail. ndtest_probe() allocates three DMA address arrays (dcr_dma, label_dma, dimm_dma) and la... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
5.2
MEDIUMCVE-2025-54983
A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-40817
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-60722
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : onedrive- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
6.8
MEDIUMCVE-2025-40760
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-40115
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged with dev_printk() against &mpt3sas_port->port->dev. At... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration