Count: 18,001
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-27473 HTTP.sys Denial of Service Vulnerability | CVSS3: 7.5 | 13% Medium | 7 months ago |
| CVE-2025-27472 Windows Mark of the Web Security Feature Bypass Vulnerability | CVSS3: 5.4 | 0% Low | 7 months ago |
| CVE-2025-27471 Microsoft Streaming Service Denial of Service Vulnerability | CVSS3: 5.9 | 0% Low | 7 months ago |
| CVE-2025-27470 Windows Standards-Based Storage Management Service Denial of Service Vulnerability | CVSS3: 7.5 | 12% Medium | 7 months ago |
| CVE-2025-27469 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | CVSS3: 7.5 | 13% Medium | 7 months ago |
| CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | CVSS3: 7 | 0% Low | 6 months ago |
| CVE-2025-27467 Windows Digital Media Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Low | 7 months ago |
| CVE-2025-27423 Improper Input Validation in Vim | CVSS3: 7.1 | 0% Low | 8 months ago |
| CVE-2025-27363 An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. | CVSS3: 8.1 | 70% High | 8 months ago |
| CVE-2025-27221 In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. | CVSS3: 3.2 | 0% Low | 8 months ago |
| CVE-2025-27220 In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. | CVSS3: 4 | 1% Low | 8 months ago |
| CVE-2025-27219 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies. | CVSS3: 5.3 | 1% Low | 8 months ago |
| CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests | | 0% Low | 2 months ago |
| CVE-2025-27151 redis-check-aof may lead to stack overflow and potential RCE | CVSS3: 4.7 | 0% Low | 4 months ago |
| CVE-2025-27144 | | 0% Low | 8 months ago |
| CVE-2025-27113 | CVSS3: 7.5 | 0% Low | 9 months ago |
| CVE-2025-26688 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Low | 7 months ago |
| CVE-2025-26687 Win32k Elevation of Privilege Vulnerability | CVSS3: 7.5 | 0% Low | 7 months ago |
| CVE-2025-26686 Windows TCP/IP Remote Code Execution Vulnerability | CVSS3: 7.5 | 0% Low | 7 months ago |
| CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability | | 0% Low | 6 months ago |