Latest CVE Feed
-
7.8
HIGHCVE-2025-47361
Memory corruption when triggering a subsystem crash with an out-of-range identifier.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware sa8540p_firmware sa9000p_firmware qam8255p_firmware +46 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-64343
(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissio... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-47353
Memory corruption while processing request sent from GVM.... Read more
Affected Products : qca6595_firmware qca6698aq_firmware sa9000p_firmware qam8255p_firmware qca6797aq_firmware sa8255p_firmware qam8650p_firmware qam8775p_firmware qca6595 sa8770p_firmware +26 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-12205
A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a l... Read more
Affected Products : kamailio- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-43941
Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execu... Read more
Affected Products : unity_operating_environment- Published: Oct. 30, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-58724
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.8
HIGHCVE-2025-47368
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +6 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-58720
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Nov. 07, 2025
-
7.8
HIGHCVE-2025-43364
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-55694
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.8
HIGHCVE-2025-21062
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.... Read more
Affected Products : smart_switch- Published: Oct. 10, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cryptography
-
7.8
HIGHCVE-2025-59278
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.8
HIGHCVE-2025-62579
ASDA-Soft Stack-based Buffer Overflow Vulnerability... Read more
Affected Products : asda_soft- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-59281
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : xbox_gaming_services- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.8
HIGHCVE-2025-43387
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. A malicious app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-41390
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vul... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-43472
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-59234
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-43939
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading... Read more
Affected Products : unity_operating_environment- Published: Oct. 30, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-43940
Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading... Read more
Affected Products : unity_operating_environment- Published: Oct. 30, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Injection