Latest CVE Feed
-
7.5
HIGHCVE-2025-12903
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-60726
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-62216
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
6.7
MEDIUMCVE-2025-62214
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.... Read more
Affected Products : visual_studio_2022- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
8.7
HIGHCVE-2025-62211
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.... Read more
Affected Products : dynamics_365- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
5.5
MEDIUMCVE-2025-62209
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_23h2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-62203
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.1
HIGHCVE-2025-40817
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-60704
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-60705
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
5.5
MEDIUMCVE-2025-60706
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
8.0
HIGHCVE-2025-60715
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.0
HIGHCVE-2025-60719
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
9.8
CRITICALCVE-2025-60724
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +9 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
4.3
MEDIUMCVE-2025-60728
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.8
HIGHCVE-2025-62199
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.1
HIGHCVE-2025-62202
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
6.5
MEDIUMCVE-2025-62206
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : dynamics_365- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
5.5
MEDIUMCVE-2025-62208
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_23h2 +3 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.1
HIGHCVE-2025-61830
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization