Latest CVE Feed
-
7.8
HIGHCVE-2025-64531
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-62580
ASDA-Soft Stack-based Buffer Overflow Vulnerability... Read more
Affected Products : asda_soft- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54658
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Path Traversal
-
7.8
HIGHCVE-2025-43364
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-20728
In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115;... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-61839
Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute... Read more
Affected Products : format_plugins- Published: Nov. 11, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-61817
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a mal... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-59505
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-64343
(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissio... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-60705
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-47360
Memory corruption while processing client message during device management.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +60 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-43474
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause unexpected system termination or read kernel memory.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-11463
Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this... Read more
Affected Products : cobalt- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-23352
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47365
Memory corruption while processing large input data from a remote source via a communication interface.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +60 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-59512
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-59514
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-62201
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-61826
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i... Read more
Affected Products : illustrator_on_ipad- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-61834
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption