Latest CVE Feed
-
7.0
HIGHCVE-2025-53717
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.8
HIGHCVE-2025-53150
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.0
HIGHCVE-2025-47989
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.8
HIGHCVE-2025-24052
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October c... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
7.3
HIGHCVE-2025-25004
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-47979
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
3.1
LOWCVE-2025-59280
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.5
MEDIUMCVE-2025-59260
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.5
MEDIUMCVE-2025-59259
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.2
MEDIUMCVE-2025-59258
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.5
MEDIUMCVE-2025-59257
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
5.4
MEDIUMCVE-2025-59428
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection.... Read more
Affected Products : espocrm- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-54266
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vul... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-54267
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gai... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-54265
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-54264
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-54263
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and mai... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-59419
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r... Read more
Affected Products : netty- Published: Oct. 15, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2025-55320
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.... Read more
Affected Products : configuration_manager_2503 configuration_manager_2409 configuration_manager_2403- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
9.6
CRITICALCVE-2025-9804
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operatio... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Authorization