Search Results (314825 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-59199 | | | 2025-10-18 | 7.8 High |
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-55695 | | | 2025-10-18 | 5.5 Medium |
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. | ||||
CVE-2025-55339 | | | 2025-10-18 | 7.8 High |
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-50175 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-18 | 7.8 High |
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-58720 | | | 2025-10-18 | 7.8 High |
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | ||||
CVE-2025-53139 | | | 2025-10-18 | 7.7 High |
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
CVE-2025-62640 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62639 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62638 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62637 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62636 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62635 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62634 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62633 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62632 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-11549 | 1 Tenda | 2 W12, W12 Firmware | 2025-10-18 | 8.8 High |
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-20357 | 1 Cisco | 2 Cyber Vision, Cyber Vision Center | 2025-10-18 | 5.4 Medium |
A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials that allow access to the Reports page. By default, all pre-defined users have this access, as do any custom users that are configured to allow access to the Reports page. | ||||
CVE-2025-56764 | 2 Trivision, Trivisionsecurity | 3 Nc-227wf, Trivision Nc-227wf, Trivision Nc-227wf Firmware | 2025-10-18 | 5.3 Medium |
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames. | ||||
CVE-2025-34215 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2025-10-18 | 9.8 Critical |
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private GPG key and hard-coded passphrase. An attacker who extracts the key and obtains a token can decrypt, modify, re-sign, upload, and trigger malicious firmware, gaining remote code execution. This vulnerability has been identified by the vendor as: V-2024-020 — Remote Code Execution. | ||||
CVE-2025-56676 | 1 Titansystems | 1 Zender | 2025-10-18 | 5.4 Medium |
TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain unauthorized access to any user account by exploiting the password reset mechanism. The vulnerability occurs because the reset token is not correctly bound to the requesting account and is accepted for other user emails during login, enabling privilege escalation and information disclosure. |