CVE-2025-29809 - Windows Kerberos Sensitive Information Storage Vulnerability
CVE ID : CVE-2025-29809
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29809
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29810 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
CVE ID : CVE-2025-29810
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29810
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29811 - Windows Mobile Broadband Privilege Escalation Vulnerability
CVE ID : CVE-2025-29811
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29811
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29812 - Microsoft Windows Kernel Untrusted Pointer Dereference Privilege Escalation
CVE ID : CVE-2025-29812
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29812
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29816 - Microsoft Office Word File Upload Bypass Vulnerability
CVE ID : CVE-2025-29816
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29816
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29819 - Azure Portal Windows Admin Center File Path Disclosure Vulnerability
CVE ID : CVE-2025-29819
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29819
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29820 - Microsoft Office Word Use-After-Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-29820
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29820
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29821 - Dynamics Business Central Information Disclosure Vulnerability
CVE ID : CVE-2025-29821
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29821
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29822 - Microsoft Office OneNote Input Validation Bypass
CVE ID : CVE-2025-29822
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29822
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29823 - Microsoft Office Excel Use-After-Free Vulnerability Allows Local Code Execution
CVE ID : CVE-2025-29823
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29823
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29824 - Windows Common Log File System Driver Use-After-Free Privilege Escalation Vulnerability
CVE ID : CVE-2025-29824
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29824
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32035 - DotNetNuke File Upload Validation Bypass Vulnerability
CVE ID : CVE-2025-32035
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32035
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32036 - DNN Captcha Bypass Vulnerability
CVE ID : CVE-2025-32036
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32036
Published : April 8, 2025, 6:16 p.m. | 1 hour, 8 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send automatic requests by building a robot and using this tool. This vulnerability is fixed in 9.13.8.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30309 - Adobe XMP Toolkit Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-30309
Published : April 8, 2025, 7:15 p.m. | 4 hours, 9 minutes ago
Description : XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30309
Published : April 8, 2025, 7:15 p.m. | 4 hours, 9 minutes ago
Description : XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3416 - OpenSSL Use-After-Free Property Parsing Vulnerability
CVE ID : CVE-2025-3416
Published : April 8, 2025, 7:15 p.m. | 4 hours, 9 minutes ago
Description : A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3416
Published : April 8, 2025, 7:15 p.m. | 4 hours, 9 minutes ago
Description : A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12556 - Kibana Prototype Pollution Code Execution
CVE ID : CVE-2024-12556
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12556
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22871 - Apache HTTP Server Chunked Encoding Request Smuggling
CVE ID : CVE-2025-22871
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22871
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24446 - ColdFusion Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-24446
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24446
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24447 - ColdFusion Deserialization of Untrusted Data Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-24447
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24447
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30281 - Adobe ColdFusion File System Read Vulnerability
CVE ID : CVE-2025-30281
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30281
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30282 - Adobe ColdFusion Authentication Bypass
CVE ID : CVE-2025-30282
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30282
Published : April 8, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...