Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49689 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49690 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-15 | N/A | 7.4 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49691 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-15 | N/A | 8.0 HIGH |
|
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
|
|||||
| CVE-2025-49693 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49694 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-07-15 | N/A | 7.8 HIGH |
|
Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47107 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-15 | N/A | 7.8 HIGH |
|
InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-49686 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49685 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-07-15 | N/A | 7.0 HIGH |
|
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49684 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-15 | N/A | 5.5 MEDIUM |
|
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-49676 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49683 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-49681 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 6.5 MEDIUM |
|
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-49680 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-15 | N/A | 7.3 HIGH |
|
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
|
|||||
| CVE-2025-49679 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49678 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.0 HIGH |
|
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49677 | 1 Microsoft | 1 Windows 11 22h2 | 2025-07-15 | N/A | 7.0 HIGH |
|
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49701 | 1 Microsoft | 1 Sharepoint Server | 2025-07-15 | N/A | 8.8 HIGH |
|
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-49700 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-49699 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-15 | N/A | 7.0 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-49698 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-49697 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-15 | N/A | 8.4 HIGH |
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-49696 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-15 | N/A | 8.4 HIGH |
|
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-49675 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49695 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-15 | N/A | 8.4 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-49674 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49673 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49672 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49671 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 6.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-49670 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 6.5 MEDIUM |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49669 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49668 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49667 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49666 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-07-15 | N/A | 7.2 HIGH |
|
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-49665 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49664 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-48812 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-15 | N/A | 5.5 MEDIUM |
|
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2025-49711 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-15 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2024-8196 | 2 Microsoft, Mintplexlabs | 2 Windows, Anythingllm Desktop | 2025-07-15 | N/A | 9.8 CRITICAL |
|
In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.
|
|||||
| CVE-2025-49682 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-15 | N/A | 7.3 HIGH |
|
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-48824 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||