Common Vulnerabilities and Exposures (CVE)

CVE-2025-49670

Jul 9, 2025 04:01:26 UTC

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-48817

Jul 9, 2025 04:01:25 UTC

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-49737

Jul 9, 2025 04:01:24 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

CVE-2025-49731

Jul 9, 2025 04:01:23 UTC

Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

CVE-2025-47993

Jul 9, 2025 04:01:22 UTC

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-49738

Jul 9, 2025 04:01:21 UTC

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-49700

Jul 9, 2025 04:01:20 UTC

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-49703

Jul 9, 2025 04:01:19 UTC

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-49699

Jul 9, 2025 04:01:17 UTC

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-49697

Jul 9, 2025 04:01:16 UTC

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-7059

Jul 9, 2025 03:22:03 UTC

The Simple Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideshow’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it ...

CVE-2025-7213

Jul 9, 2025 03:02:05 UTC

A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access contro...

CVE-2025-7212

Jul 9, 2025 02:32:06 UTC

A vulnerability was found in itsourcecode Insurance Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertAgent.php. The manipulation of the argument agent_id leads to SQL ...

CVE-2025-7211

Jul 9, 2025 02:02:04 UTC

A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cart_add.php. The manipulation of the argument ID leads to SQL injection. The attack can ...

CVE-2025-49795

Jul 9, 2025 01:56:38 UTC

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.