Common Vulnerabilities and Exposures (CVE)
CVE-2025-49670
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-48817
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-49737
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
CVE-2025-49731
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
CVE-2025-47993
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-49738
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-49700
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49703
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49699
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49697
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-7059
The Simple Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideshow’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it ...
CVE-2025-7213
A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access contro...
CVE-2025-7212
A vulnerability was found in itsourcecode Insurance Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertAgent.php. The manipulation of the argument agent_id leads to sql ...
CVE-2025-7211
A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cart_add.php. The manipulation of the argument ID leads to sql injection. The attack can ...
CVE-2025-49795
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.