Latest CVE Feed
-
7.0
HIGHCVE-2025-59515
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-62218
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-60719
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-37735
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.... Read more
Affected Products : kibana- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-62215
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Actively Exploited
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-62219
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-60716
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-61667
The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-script... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-62217
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-34501
Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often throu... Read more
Affected Products :- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-64436
KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-c... Read more
Affected Products : kubevirt- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-9316
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.... Read more
Affected Products : n-central- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-12365
Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more
- Published: Oct. 27, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-12278
Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more
- Published: Oct. 26, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-12785
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-64429
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generato... Read more
Affected Products : duckdb- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cryptography
-
6.9
MEDIUMCVE-2025-12829
An uninitialized stack read issue exists in Amazon Ion-C versions <v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate thi... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-13160
IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network.... Read more
Affected Products :- Published: Nov. 14, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-52662
A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting