Search
Search Results (314843 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59192 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-18 | 7.8 High |
| Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59241 | 1 Microsoft | 2 Windows 11 24h2, Windows 11 25h2 | 2025-10-18 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59199 | 2025-10-18 | 7.8 High | ||
| Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55695 | 2025-10-18 | 5.5 Medium | ||
| Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55339 | 2025-10-18 | 7.8 High | ||
| Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50175 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-18 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58720 | 2025-10-18 | 7.8 High | ||
| Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53139 | 2025-10-18 | 7.7 High | ||
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-62640 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62639 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62638 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62637 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62636 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62635 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62634 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62633 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-62632 | 2025-10-18 | N/A | ||
| Not used | ||||
| CVE-2025-11549 | 1 Tenda | 2 W12, W12 Firmware | 2025-10-18 | 8.8 High |
| A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-20357 | 1 Cisco | 2 Cyber Vision, Cyber Vision Center | 2025-10-18 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials that allow access to the Reports page. By default, all pre-defined users have this access, as do any custom users that are configured to allow access to the Reports page. | ||||
| CVE-2025-56764 | 2 Trivision, Trivisionsecurity | 3 Nc-227wf, Trivision Nc-227wf, Trivision Nc-227wf Firmware | 2025-10-18 | 5.3 Medium |
| Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames. | ||||