Filtered by vendor Microsoft
Subscriptions
Total
22825 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55322 | 1 Microsoft | 1 Omniparser | 2025-11-21 | 7.3 High |
| Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-54914 | 1 Microsoft | 2 Azure, Azure Networking | 2025-11-21 | 10 Critical |
| Azure Networking Elevation of Privilege Vulnerability | ||||
| CVE-2025-53804 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-11-21 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53803 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-11-21 | 5.5 Medium |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59215 | 1 Microsoft | 7 Graphics Component, Windows, Windows 11 and 4 more | 2025-11-21 | 7 High |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49728 | 1 Microsoft | 1 Pc Manager | 2025-11-21 | 4 Medium |
| Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-47967 | 2 Google, Microsoft | 3 Android, Edge, Edge Chromium | 2025-11-21 | 4.7 Medium |
| Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-55226 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-11-21 | 6.7 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54906 | 1 Microsoft | 12 365 Apps, Office, Office 2016 and 9 more | 2025-11-21 | 7.8 High |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54897 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2025-11-21 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2014-0496 | 3 Adobe, Apple, Microsoft | 3 Acrobat, Mac Os X, Windows | 2025-11-21 | 8.8 High |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2017-20201 | 2 Microsoft, Piriform | 2 Windows, Ccleaner | 2025-11-21 | N/A |
| CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at runtime, and transfers execution to an in-memory payload. The payload performs anti-analysis checks, gathers host telemetry, encodes the data with a two-stage obfuscation, and attempts HTTPS exfiltration to hard-coded C2 servers or month-based DGA domains. Potential impacts include remote data collection and exfiltration, stealthy in-memory execution and persistence, and potential lateral movement. CCleaner was developed by Piriform, which was acquired by Avast in July 2017; Avast later merged with NortonLifeLock to form the parent company now known as Gen Digital. According to vendor advisories, the compromised CCleaner build was released on August 15, 2017 and remediated on September 12, 2017 with v5.34; the compromised CCleaner Cloud build was released on August 24, 2017 and remediated on September 15, 2017 with v1.07.3214. | ||||
| CVE-2025-4056 | 3 Gnome, Microsoft, Redhat | 3 Glib, Windows, Enterprise Linux | 2025-11-21 | 3.7 Low |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | ||||
| CVE-2025-50165 | 1 Microsoft | 6 Server, Windows, Windows 11 24h2 and 3 more | 2025-11-21 | 9.8 Critical |
| Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2013-10047 | 3 Microsoft, Miniweb2, Miniweb Http Server Project | 3 Windows, Miniweb, Miniweb Http Server | 2025-11-20 | N/A |
| An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista. | ||||
| CVE-2025-59220 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2025-11-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59216 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2025-11-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55244 | 1 Microsoft | 3 Azure, Azure Ai Bot Service, Azure Bot Service | 2025-11-20 | 9 Critical |
| Azure Bot Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-55238 | 1 Microsoft | 3 365, Dynamics 365, Dynamics 365 Fasttrack Implementation | 2025-11-20 | 7.5 High |
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | ||||
| CVE-2025-55242 | 1 Microsoft | 1 Xbox Gaming Services | 2025-11-20 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network. | ||||