Latest CVE Feed
-
0.0
NACVE-2025-40112
In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-37734
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant.... Read more
Affected Products : kibana- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Server-Side Request Forgery
-
8.0
HIGHCVE-2025-62452
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-60720
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
6.3
MEDIUMCVE-2025-60723
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
0.0
NACVE-2025-40116
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthread_run() function returns error pointers so the max3421_hcd->spi_thread pointer can be either error point... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40135
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40150
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs (dm-64): Inconsistent segment (173822) type [1, 0] in SSA and SIT F2FS-fs (dm-64): Stopped file... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Race Condition
-
5.0
MEDIUMCVE-2025-62453
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : visual_studio_code- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-60714
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
9.8
CRITICALCVE-2025-60724
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +9 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
0.0
NACVE-2025-40126
In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copy_from_user and c... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40159
In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdp_desc validation Turned out certain clearly invalid values passed in xdp_desc from userspace can pass xp_{,un}aligned_validate_desc() and then lead to ... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
9.4
CRITICALCVE-2025-11366
N-central < 2025.4 is vulnerable to authentication bypass via path traversal... Read more
Affected Products : n-central- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-62208
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_23h2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
0.0
NACVE-2025-40175
In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that ... Read more
Affected Products : linux_kernel- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-62220
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_subsystem_for_linux_gui- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.2
HIGHCVE-2025-11994
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-60707
Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
8.7
HIGHCVE-2025-40744
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to p... Read more
Affected Products : solid_edge_se2025- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication