Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59190 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-17 | N/A | 5.5 MEDIUM |
|
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.
|
|||||
| CVE-2025-49552 | 3 Adobe, Apple, Microsoft | 3 Connect, Macos, Windows | 2025-10-17 | N/A | 7.3 HIGH |
|
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.
|
|||||
| CVE-2025-49553 | 3 Adobe, Apple, Microsoft | 3 Connect, Macos, Windows | 2025-10-17 | N/A | 9.3 CRITICAL |
|
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.
|
|||||
| CVE-2025-54196 | 3 Adobe, Apple, Microsoft | 3 Connect, Macos, Windows | 2025-10-17 | N/A | 3.1 LOW |
|
Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction in that a victim must click on a crafted link.
|
|||||
| CVE-2025-54269 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-17 | N/A | 5.5 MEDIUM |
|
Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54270 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-17 | N/A | 5.5 MEDIUM |
|
Animate versions 23.0.13, 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54279 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-17 | N/A | 7.8 HIGH |
|
Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-61804 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-17 | N/A | 7.8 HIGH |
|
Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54268 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-10-17 | N/A | 7.8 HIGH |
|
Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54278 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-10-17 | N/A | 5.5 MEDIUM |
|
Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54281 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-10-17 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-54282 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-10-17 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-59238 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59243 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59221 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59222 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59232 | 1 Microsoft | 7 365 Apps, Access, Excel and 4 more | 2025-10-16 | N/A | 7.1 HIGH |
|
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2025-59235 | 1 Microsoft | 7 365 Apps, Access, Excel and 4 more | 2025-10-16 | N/A | 7.1 HIGH |
|
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2025-59218 | 1 Microsoft | 1 Entra Id | 2025-10-16 | N/A | 9.6 CRITICAL |
|
Azure Entra ID Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-59246 | 1 Microsoft | 1 Entra Id | 2025-10-16 | N/A | 9.8 CRITICAL |
|
Azure Entra ID Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-50175 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-59223 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59224 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59225 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59226 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-59227 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-10-16 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58736 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58735 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58734 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58733 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58732 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58731 | 1 Microsoft | 7 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 4 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58730 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58738 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58737 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-10-16 | N/A | 7.0 HIGH |
|
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-61787 | 2 Deno, Microsoft | 2 Deno, Windows | 2025-10-16 | N/A | 8.1 HIGH |
|
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the command line. This makes Deno vulnerable to a command injection attack on Windows. Versions 2.5.3 and 2.2.15 fix the issue.
|
|||||
| CVE-2025-53951 | 2 Fortinet, Microsoft | 2 Fortidlp Agent, Windows | 2025-10-16 | N/A | 5.3 MEDIUM |
|
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port.
|
|||||
| CVE-2025-53950 | 3 Apple, Fortinet, Microsoft | 3 Macos, Fortidlp Agent, Windows | 2025-10-16 | N/A | 5.5 MEDIUM |
|
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.
|
|||||
| CVE-2025-46752 | 2 Fortinet, Microsoft | 2 Fortidlp Agent, Windows | 2025-10-16 | N/A | 4.4 MEDIUM |
|
A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.
|
|||||
| CVE-2025-54284 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-10-16 | N/A | 7.8 HIGH |
|
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||