Skip to main content
CVE-2025-48385 HIGH PATCH This Week

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

RCE Ubuntu Debian Red Hat Suse
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-49717 HIGH PATCH This Week

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Heap Overflow Buffer Overflow Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-53547 HIGH PATCH This Week

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.

RCE Code Injection Kubernetes Debian Helm +2
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-49696 HIGH PATCH This Week

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-49695 HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-25269 HIGH PATCH This Week

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Command Injection Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-49697 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-6996 HIGH This Week

A security vulnerability in the agent of Ivanti Endpoint Manager (CVSS 8.4) that allows a local authenticated attacker. High severity vulnerability requiring prompt remediation.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-6995 HIGH This Week

A security vulnerability in the agent of Ivanti Endpoint Manager (CVSS 8.4) that allows a local authenticated attacker. High severity vulnerability requiring prompt remediation.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-24003 HIGH This Week

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.

Buffer Overflow Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3000 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-3648 HIGH This Week

A security vulnerability in A vulnerability (CVSS 8.2) that allows unauthenticated and authenticated users. High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-21427 HIGH This Week

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

Information Disclosure Buffer Overflow Wcn3610 Firmware Qam8650p Firmware Video Collaboration Vc1 Platform Firmware +166
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-36600 HIGH PATCH This Week

A remote code execution vulnerability in an externally developed component (CVSS 8.2). High severity vulnerability requiring prompt remediation.

RCE Dell Latitude 12 Rugged Extreme 7214 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-49735 HIGH PATCH This Week

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2025 +6
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-42959 HIGH This Week

A security vulnerability in An unauthenticated attacker may exploit a scenario where a (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-33054 HIGH PATCH This Week

A security vulnerability in Insufficient UI warning of dangerous operations in Remote Desktop Client (CVSS 8.1) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Authentication Bypass Windows 11 24h2 Windows Server 2025 Windows 11 22h2 Windows 11 23h2 +1
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-42953 HIGH This Week

CVE-2025-42953 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

SAP Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-31854 HIGH This Week

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack.

Information Disclosure Sicam Toolbox Ii
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-31853 HIGH This Week

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to execute an on-path network (MitM) attack.

Information Disclosure Sicam Toolbox Ii
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-47178 HIGH PATCH This Week

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.

Microsoft SQLi Configuration Manager 2503
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-49691 HIGH PATCH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

Microsoft Heap Overflow Buffer Overflow Windows 10 1607 Windows 11 22h2 +12
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-47972 HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

Microsoft Race Condition Information Disclosure Windows Server 2016 Windows Server 2022 +11
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-49537 HIGH This Week

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses.

RCE Command Injection Coldfusion
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2025-49718 HIGH PATCH This Week

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

Information Disclosure Sql Server 2022 Sql Server 2019
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2025-47994 HIGH PATCH This Week

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Deserialization Microsoft Office Long Term Servicing Channel Sharepoint Enterprise Server Office +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-49679 HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 Windows Server 2019 Windows Server 2016 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48815 HIGH PATCH This Week

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Memory Corruption Windows 10 1607 Windows Server 2016 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49703 HIGH PATCH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office Long Term Servicing Channel +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47982 HIGH PATCH This Week

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 10 1607 Windows Server 2025 Windows 11 23h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49714 HIGH PATCH This Week

A security vulnerability in Trust boundary violation in Visual Studio Code - Python extension (CVSS 7.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Python Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49702 HIGH PATCH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Memory Corruption Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47987 HIGH POC PATCH This Week

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +14
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49742 HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows Server 2008 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48816 HIGH PATCH This Week

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows 11 22h2 Windows Server 2022 23h2 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47996 HIGH PATCH This Week

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2016 Windows 10 1507 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49689 HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 Windows Server 2019 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49738 HIGH PATCH This Week

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Pc Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48820 HIGH PATCH This Week

Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 22h2 Windows Server 2019 Windows 11 24h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49667 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2025 Windows 10 1809 Windows Server 2012 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49694 HIGH PATCH This Week

Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service Windows 11 24h2 Windows Server 2022 23h2 +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49686 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service Windows Server 2022 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47159 HIGH PATCH This Week

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 11 22h2 Windows 10 1507 Windows 10 22h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49733 HIGH PATCH This Week

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 23h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49732 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 1809 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49726 HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 22h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49725 HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 22h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49693 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Microsoft Brokering File System (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2022 23h2 Windows 11 22h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49675 HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows 10 22h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49661 HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2022 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49660 HIGH PATCH This Week

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 21h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy