Security Vulnerabilities
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-05-13
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.017
Published
2025-05-13
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.002
Published
2025-05-13
CVE-2025-4427
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Known exploited
CVSS Score
5.3
EPSS Score
0.749
Published
2025-05-13
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Known exploited
CVSS Score
7.2
EPSS Score
0.297
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
CVSS Score
9.8
EPSS Score
0.058
Published
2025-05-13
CVE-2025-32756
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
Known exploited
CVSS Score
9.8
EPSS Score
0.088
Published
2025-05-13
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
Known exploited
CVSS Score
9.8
EPSS Score
0.613
Published
2025-05-13
CVE-2025-42999
SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
Known exploited
CVSS Score
9.1
EPSS Score
0.147
Published
2025-05-13
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-12