Latest CVE Feed
-
7.0
HIGHCVE-2025-47989
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.0
HIGHCVE-2025-55686
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-58731
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2025-55689
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-55685
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.0
HIGHCVE-2025-62218
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-34501
Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often throu... Read more
Affected Products :- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-55691
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-7330
A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admi... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-37735
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.... Read more
Affected Products : kibana- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-60716
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-60719
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-62213
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-62219
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59515
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
-
7.0
HIGHCVE-2025-59221
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 sharepoint_server_2019 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
-
7.0
HIGHCVE-2024-48891
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection