CVE-2025-59499

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

EUVD-2025-93395

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

CVE-2025-60723

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows DirectX allows an authorized attacker to deny service over a network...

EUVD-2025-93422

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...

CVE-2025-60722

Improper limitation of a pathname to a restricted directory 'path traversal' in OneDrive for Android allows an authorized attacker to elevate privileges over a network...

CVE-2025-60704

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

EUVD-2025-93442

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

PT-2025-46484

Name of the Vulnerable Software and Affected Versions Windows DirectX affected versions not specified Description A race condition exists in Windows DirectX due to concurrent execution using a shared resource with improper synchronization. This allows an authorized attacker to cause a denial of...

PT-2025-46516

Name of the Vulnerable Software and Affected Versions Windows Routing and Remote Access Service RRAS affected versions not specified Description A heap-based buffer overflow exists in the Windows Routing and Remote Access Service RRAS. This flaw could allow an authorized attacker to execute code...

CVE-2025-45378

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials...

CVE-2025-45378

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials...

CVE-2025-45378

CVE-2025-45378 (Dell CloudLink) affects Dell CloudLink running versions 8.0–8.1.2, with a vulnerability in the restricted shell that allows a privileged user with a known password to break into the CloudLink server command shell and escalate privileges, gaining unauthorized system access. If SSH ...

EUVD-2025-37923

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...

CVE-2025-60711

Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

PT-2025-44670

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A protection mechanism failure exists in Microsoft Edge Chromium-based that could allow an unauthorized attacker to execute code over a network. The issue enables remote...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge, which stems from a failure in protection mechanisms that could allow an unauthorized attacker to execute code over the network...

CVE-2025-59503

Server-side request forgery ssrf in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...

CVE-2025-59500

Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

Oracle Primavera P6 Enterprise Project Portfolio Management (October 2025 CPU)

The versions of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by a vulnerability as referenced in the October 2025 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and...