CVE-2025-30150 - Shopware E-Mail Account Enumeration Vulnerability
CVE ID : CVE-2025-30150
Published : April 8, 2025, 2:15 p.m. | 1 hour, 8 minutes ago
Description : Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api, an attacker can check whether a specific e-mail address has an account in the shop. The store-api endpoint /store-api/account/recovery-password returns a response that clearly indicates that there is no account for this customer. In contrast, it returns a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30151 - Shopware Password Denial Of Service
CVE ID : CVE-2025-30151
Published : April 8, 2025, 2:15 p.m. | 1 hour, 8 minutes ago
Description : Shopware is an open commerce platform. It's possible to pass long passwords that lead to denial of service via Storefront forms or the Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Severity: 7.5 | HIGH
CVE-2025-31498 - c-ares Use-After-Free Vulnerability
CVE ID : CVE-2025-31498
Published : April 8, 2025, 2:15 p.m. | 1 hour, 8 minutes ago
Description : c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory, a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions; this has been untested. Otherwise, only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
Severity: 0.0 | NA
CVE-2025-27751 - Microsoft Office Excel Use-After-Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-27751
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-27752 - Microsoft Office Excel Heap-based Buffer Overflow Vulnerability
CVE ID : CVE-2025-27752
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-29791 - Microsoft Office Type Confusion Code Execution Vulnerability
CVE ID : CVE-2025-29791
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-29792 - Microsoft Office Use-After-Free Privilege Escalation Vulnerability
CVE ID : CVE-2025-29792
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Severity: 7.3 | HIGH
CVE-2025-29793 - Microsoft Office SharePoint Remote Code Execution Vulnerability
CVE ID : CVE-2025-29793
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 7.2 | HIGH
CVE-2025-29794 - Microsoft Office SharePoint Remote Code Execution Vulnerability
CVE ID : CVE-2025-29794
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
CVE-2025-29800 - Microsoft AutoUpdate Privilege Escalation Vulnerability
CVE ID : CVE-2025-29800
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-29801 - Microsoft AutoUpdate Privilege Escalation Vulnerability
CVE ID : CVE-2025-29801
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-29802 - Visual Studio Privilege Escalation Vulnerability
CVE ID : CVE-2025-29802
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Severity: 7.3 | HIGH
CVE-2025-29804 - Microsoft Visual Studio Privilege Escalation Vulnerability
CVE ID : CVE-2025-29804
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Severity: 7.3 | HIGH
CVE-2025-29805 - Microsoft Outlook Android Information Disclosure Vulnerability
CVE ID : CVE-2025-29805
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.
Severity: 7.5 | HIGH
CVE-2025-29808 - Windows Cryptographic Services Cryptographic Primitive Implementation Vulnerability
CVE ID : CVE-2025-29808
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Severity: 5.5 | MEDIUM
CVE-2025-29809 - Windows Kerberos Sensitive Information Storage Vulnerability
CVE ID : CVE-2025-29809
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
Severity: 7.1 | HIGH
CVE-2025-29810 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
CVE ID : CVE-2025-29810
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
Severity: 7.5 | HIGH
CVE-2025-29811 - Windows Mobile Broadband Privilege Escalation Vulnerability
CVE ID : CVE-2025-29811
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-29812 - Microsoft Windows Kernel Untrusted Pointer Dereference Privilege Escalation
CVE ID : CVE-2025-29812
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-29816 - Microsoft Office Word File Upload Bypass Vulnerability
CVE ID : CVE-2025-29816
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
Severity: 7.5 | HIGH
CVE-2025-29819 - Azure Portal Windows Admin Center File Path Disclosure Vulnerability
CVE ID : CVE-2025-29819
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
Severity: 6.2 | MEDIUM