Total 319136 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-60706 1 Microsoft 23 Hyper-v, Windows, Windows 10 and 20 more 2025-11-21 5.5 Medium
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2025-60705 1 Microsoft 27 Windows, Windows 10, Windows 10 1607 and 24 more 2025-11-21 7.8 High
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2025-60704 1 Microsoft 27 Windows, Windows 10, Windows 10 1607 and 24 more 2025-11-21 7.5 High
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-60703 1 Microsoft 28 Remote, Remote Desktop, Windows and 25 more 2025-11-21 7.8 High
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2025-59513 1 Microsoft 25 Windows, Windows 10, Windows 10 1607 and 22 more 2025-11-21 5.5 Medium
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
CVE-2025-59512 1 Microsoft 24 Windows, Windows 10, Windows 10 1607 and 21 more 2025-11-21 7.8 High
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59511 1 Microsoft 20 Windows, Windows 10, Windows 10 1809 and 17 more 2025-11-21 7.8 High
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59510 1 Microsoft 25 Remote, Windows, Windows 10 and 22 more 2025-11-21 5.5 Medium
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
CVE-2025-59509 1 Microsoft 20 Windows, Windows 10, Windows 10 1809 and 17 more 2025-11-21 5.5 Medium
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
CVE-2025-59508 1 Microsoft 22 Windows, Windows 10, Windows 10 1607 and 19 more 2025-11-21 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59507 1 Microsoft 22 Windows, Windows 10, Windows 10 1607 and 19 more 2025-11-21 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59506 1 Microsoft 24 Windows, Windows 10, Windows 10 1607 and 21 more 2025-11-21 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-59505 1 Microsoft 24 Windows, Windows 10, Windows 10 1607 and 21 more 2025-11-21 7.8 High
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
CVE-2025-59504 1 Microsoft 2 Azure Monitor, Azure Monitor Agent 2025-11-21 7.3 High
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
CVE-2025-13223 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-11-21 8.8 High
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-58034 1 Fortinet 1 Fortiweb 2025-11-21 6.7 Medium
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
CVE-2025-64446 1 Fortinet 1 Fortiweb 2025-11-21 9.4 Critical
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CVE-2025-66112 2025-11-21 4.3 Medium
Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4.
CVE-2025-66091 2025-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5.
CVE-2025-64483 2025-11-21 N/A
Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0.