Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46358 | 2025-07-15 | N/A | 7.7 HIGH | ||
| Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | |||||
| CVE-2025-6427 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 9.1 CRITICAL |
| An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-47984 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.5 HIGH |
| Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-47159 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-14 | N/A | 7.8 HIGH |
| Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32725 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-07-10 | N/A | 7.5 HIGH |
| Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-33050 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-07-10 | N/A | 7.5 HIGH |
| Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-47160 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-09 | N/A | 5.4 MEDIUM |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-27472 | 1 Microsoft | 2 Windows 10 1507, Windows Server 2012 | 2025-07-08 | N/A | 5.4 MEDIUM |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-21384 | 1 Microsoft | 1 Azure Health Bot | 2025-07-08 | N/A | 8.3 HIGH |
| An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | |||||
| CVE-2025-41224 | 2025-07-08 | N/A | 8.8 HIGH | ||
| A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot. | |||||
| CVE-2025-24061 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-03 | N/A | 7.8 HIGH |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-26637 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 22h2 and 9 more | 2025-07-03 | N/A | 6.8 MEDIUM |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-21346 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.1 HIGH |
| Microsoft Office Security Feature Bypass Vulnerability | |||||
| CVE-2023-51748 | 1 Scalefusion | 1 Scalefusion | 2025-06-20 | N/A | 8.8 HIGH |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | |||||
| CVE-2023-20573 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2025-06-20 | N/A | 3.2 LOW |
| A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. | |||||
| CVE-2025-49193 | 2025-06-12 | N/A | 4.2 MEDIUM | ||
| The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks). | |||||
| CVE-2022-33631 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-06-05 | N/A | 7.3 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2020-16198 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-04 | 5.8 MEDIUM | 5.0 MEDIUM |
| When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct. | |||||
| CVE-2025-31189 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 8.2 HIGH |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | |||||
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 4.6 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | |||||