Filtered by vendor Microsoft
Total: 22837 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47976 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-08-23 | 7.8 High |
| Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47972 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-08-23 | 8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47971 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 7.8 High |
| Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-21195 | 1 Microsoft | 2 Azure Service Fabric, Service Fabric | 2025-08-23 | 6 Medium |
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47159 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-08-23 | 7.8 High |
| Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-33054 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2025-08-23 | 8.1 High |
| Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-26636 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-08-23 | 5.5 Medium |
| Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2024-41165 | 1 Microsoft | 1 Word | 2025-08-22 | 7.1 High |
| A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2024-43106 | 1 Microsoft | 1 Excel | 2025-08-22 | 7.1 High |
| A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2024-42220 | 1 Microsoft | 1 Outlook | 2025-08-22 | 7.1 High |
| A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2025-6182 | 2 Microsoft, Strongdm | 2 Windows, Sdm-cli | 2025-08-22 | N/A |
| The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones. | ||||
| CVE-2025-6181 | 2 Microsoft, Strongdm | 2 Windows, Sdm-cli | 2025-08-22 | N/A |
| The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation. | ||||
| CVE-2024-29072 | 3 Foxit, Foxitsoftware, Microsoft | 4 Pdf Editor, Pdf Reader, Foxit Reader and 1 more | 2025-08-22 | 8.2 High |
| A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | ||||
| CVE-2018-25032 | 13 Apple, Azul, Debian and 10 more | 47 Mac Os X, Macos, Zulu and 44 more | 2025-08-21 | 7.5 High |
| zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | ||||
| CVE-2025-9132 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-21 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-39954 | 4 Apache, Apple, Linux and 1 more | 4 Eventmesh, Macos, Linux and 1 more | 2025-08-21 | 6.3 Medium |
| CWE-918 Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java, on platforms such as Windows, Linux and macOS, allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue. | ||||
| CVE-2025-54363 | 1 Microsoft | 1 Knack | 2025-08-21 | N/A |
| Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azure CLI. | ||||
| CVE-2024-25015 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Mq and 2 more | 2025-08-21 | 7.5 High |
| IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278. | ||||
| CVE-2025-4660 | 2 Forescout, Microsoft | 2 Secureconnector, Windows | 2025-08-21 | 9.8 Critical |
| A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector. | ||||
| CVE-2025-4044 | 2 Lexmark, Microsoft | 2 Universal Print Driver, Windows | 2025-08-21 | 8.2 High |
| Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows an attacker to disclose sensitive information to an arbitrary URL. | ||||