Common Vulnerabilities and Exposures (CVE)

CVE-2025-62473

Dec 17, 2025 17:34:16 UTC

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-62472

Dec 17, 2025 17:34:15 UTC

Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-62470

Dec 17, 2025 17:34:14 UTC

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62469

Dec 17, 2025 17:34:13 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2025-62466

Dec 17, 2025 17:34:13 UTC

Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

CVE-2025-62458

Dec 17, 2025 17:34:12 UTC

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-62457

Dec 17, 2025 17:34:11 UTC

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62456

Dec 17, 2025 17:34:10 UTC

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

CVE-2025-62454

Dec 17, 2025 17:34:10 UTC

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62223

Dec 17, 2025 17:34:08 UTC

User interface (UI) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-67172

Dec 17, 2025 17:31:08 UTC

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.

CVE-2025-65203

Dec 17, 2025 17:26:04 UTC

KeePassXC-Browser through 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to acc...

CVE-2025-66924

Dec 17, 2025 17:18:17 UTC

A cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.

CVE-2025-66923

Dec 17, 2025 17:12:39 UTC

A cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "phone_number" parameter.

CVE-2025-44005

Dec 17, 2025 17:06:18 UTC

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.