Filtered by vendor Microsoft
Total: 22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-49719 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-07-17 | N/A | 7.5 HIGH | Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-49718 | 1 Microsoft | 2 Sql Server 2019, Sql Server 2022 | 2025-07-17 | N/A | 7.5 HIGH | Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-49717 | 1 Microsoft | 2 Sql Server 2019, Sql Server 2022 | 2025-07-17 | N/A | 8.5 HIGH | Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. |
| CVE-2025-49740 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-17 | N/A | 8.8 HIGH | Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-49742 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-17 | N/A | 7.8 HIGH | Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. |
| CVE-2025-49744 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-17 | N/A | 7.0 HIGH | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49753 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-17 | N/A | 8.8 HIGH | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2022-43847 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-07-17 | N/A | 5.4 MEDIUM | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |
| CVE-2022-43850 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-07-17 | N/A | 5.4 MEDIUM | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| CVE-2022-43851 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-07-17 | N/A | 5.9 MEDIUM | IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2022-43852 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-07-17 | N/A | 5.3 MEDIUM | IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. |
| CVE-2023-27272 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-07-17 | N/A | 3.1 LOW | IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. |
| CVE-2025-47182 | 1 Microsoft | 1 Edge Chromium | 2025-07-17 | N/A | 5.6 MEDIUM | Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. |
| CVE-2025-49715 | 1 Microsoft | 1 Dynamics 365 | 2025-07-17 | N/A | 7.5 HIGH | Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-49705 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-16 | N/A | 7.8 HIGH | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| CVE-2025-49703 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-07-16 | N/A | 7.8 HIGH | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-49702 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-16 | N/A | 7.8 HIGH | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-49723 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-16 | N/A | 8.8 HIGH | Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally. |
| CVE-2025-49722 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 5.7 MEDIUM | Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. |
| CVE-2025-49721 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 7.8 HIGH | Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-49716 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-07-16 | N/A | 7.5 HIGH | Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. |
| CVE-2025-49714 | 1 Microsoft | 1 Python | 2025-07-16 | N/A | 7.8 HIGH | Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. |
| CVE-2025-49729 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-16 | N/A | 8.8 HIGH | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-49727 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 7.0 HIGH | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49726 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-16 | N/A | 7.8 HIGH | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49725 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-16 | N/A | 7.8 HIGH | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49724 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-16 | N/A | 8.8 HIGH | Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. |
| CVE-2025-49760 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-16 | N/A | 3.5 LOW | External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network. |
| CVE-2025-49739 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-07-16 | N/A | 8.8 HIGH | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-49733 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-16 | N/A | 7.8 HIGH | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49732 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 7.8 HIGH | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49730 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 7.8 HIGH | Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. |
| CVE-2021-26700 | 1 Microsoft | 1 Npm | 2025-07-16 | 6.8 MEDIUM | 7.8 HIGH | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability |
| CVE-2018-8327 | 1 Microsoft | 2 Powershell, Powershell Editor Services | 2025-07-16 | 10.0 HIGH | 9.8 CRITICAL | A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. |
| CVE-2024-49050 | 1 Microsoft | 1 Python | 2025-07-15 | N/A | 8.8 HIGH | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| CVE-2020-17163 | 1 Microsoft | 1 Python | 2025-07-15 | N/A | 7.8 HIGH | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| CVE-2025-6557 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | N/A | 5.4 MEDIUM | Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-3619 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | N/A | 8.8 HIGH | Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2025-49687 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-15 | N/A | 8.8 HIGH | Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49688 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-07-15 | N/A | 8.8 HIGH | Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |