Common Vulnerabilities and Exposures (CVE)

CVE-2025-13661

Dec 10, 2025 04:57:19 UTC

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

CVE-2025-13659

Dec 10, 2025 04:57:18 UTC

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. ...

CVE-2025-6218

Dec 10, 2025 04:57:13 UTC

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerabili...

CVE-2025-42880

Dec 10, 2025 04:57:10 UTC

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to ...

CVE-2025-42928

Dec 10, 2025 04:57:09 UTC

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability r...

CVE-2025-62572

Dec 10, 2025 04:57:08 UTC

Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.

CVE-2025-64673

Dec 10, 2025 04:57:07 UTC

Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-59517

Dec 10, 2025 04:57:06 UTC

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-59516

Dec 10, 2025 04:57:04 UTC

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62570

Dec 10, 2025 04:57:03 UTC

Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.

CVE-2025-64680

Dec 10, 2025 04:57:01 UTC

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2025-64671

Dec 10, 2025 04:57:00 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.

CVE-2025-64658

Dec 10, 2025 04:56:58 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2025-62458

Dec 10, 2025 04:56:57 UTC

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-55233

Dec 10, 2025 04:56:56 UTC

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.