Latest CVE Feed
-
6.5
MEDIUMCVE-2024-44639
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php.... Read more
Affected Products : student_record_system- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2024-44640
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php.... Read more
Affected Products : student_record_system- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2024-55016
PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.... Read more
Affected Products : student_record_system- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-63710
The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An ... Read more
Affected Products : simple_public_chat_room- Published: Nov. 10, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-63711
A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user d... Read more
Affected Products : client_database_management_system- Published: Nov. 10, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2025-63640
Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript... Read more
Affected Products : medicine_reminder_app- Published: Nov. 07, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-11777
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via ... Read more
Affected Products : mattermost_server- Published: Nov. 13, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-60727
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
4.3
MEDIUMCVE-2025-60728
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.8
HIGHCVE-2025-62199
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.8
HIGHCVE-2025-62200
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.8
HIGHCVE-2025-62201
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.1
HIGHCVE-2025-62202
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.8
HIGHCVE-2025-62203
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
8.0
HIGHCVE-2025-62204
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.8
HIGHCVE-2025-62205
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.8
HIGHCVE-2025-59505
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.0
HIGHCVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.0
HIGHCVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
7.0
HIGHCVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025