CVE-2025-62217 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE ID : CVE-2025-62217
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62217
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62218 - Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
CVE ID : CVE-2025-62218
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62218
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62219 - Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
CVE ID : CVE-2025-62219
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62219
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62220 - Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
CVE ID : CVE-2025-62220
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62220
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62222 - Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
CVE ID : CVE-2025-62222
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62222
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62449 - Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
CVE ID : CVE-2025-62449
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62449
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62452 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE ID : CVE-2025-62452
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62452
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62453 - GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVE ID : CVE-2025-62453
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62453
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61830 - Adobe Pass | Incorrect Authorization (CWE-863)
CVE ID : CVE-2025-61830
Published : Nov. 11, 2025, 6:28 p.m. | 23 minutes ago
Description : Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61830
Published : Nov. 11, 2025, 6:28 p.m. | 23 minutes ago
Description : Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61840 - Format Plugins | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-61840
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61840
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61841 - Format Plugins | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-61841
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61841
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61842 - Format Plugins | Use After Free (CWE-416)
CVE ID : CVE-2025-61842
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61842
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61843 - Format Plugins | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-61843
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61843
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61844 - Format Plugins | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-61844
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61844
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61845 - Format Plugins | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-61845
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61845
Published : Nov. 11, 2025, 7:15 p.m. | 3 hours, 38 minutes ago
Description : Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12748 - Libvirt: denial of service in xml parsing
CVE ID : CVE-2025-12748
Published : Nov. 11, 2025, 8:15 p.m. | 2 hours, 38 minutes ago
Description : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12748
Published : Nov. 11, 2025, 8:15 p.m. | 2 hours, 38 minutes ago
Description : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-32008 - Spectrum Power 4 Local Privilege Escalation
CVE ID : CVE-2024-32008
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-32008
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-32009 - Spectrum Power Privilege Escalation Vulnerability
CVE ID : CVE-2024-32009
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-32009
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-32010 - Spectrum Power 4 Database Credential Extraction and Command Injection Vulnerability
CVE ID : CVE-2024-32010
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-32010
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-32011 - Spectrum Power Command Injection Vulnerability
CVE ID : CVE-2024-32011
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-32011
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-32014 - Spectrum Power 4 Privilege Escalation
CVE ID : CVE-2024-32014
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-32014
Published : Nov. 11, 2025, 9:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...