Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27369 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-07-14 | N/A | 4.3 MEDIUM |
|
IBM OpenPages with Watson 8.3 and 9.0
is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.
|
|||||
| CVE-2025-47993 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-07-14 | N/A | 7.8 HIGH |
|
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47991 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47987 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47986 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 8.8 HIGH |
|
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47985 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47984 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.5 HIGH |
|
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-47982 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47980 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 6.2 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2025-47978 | 1 Microsoft | 3 Windows Server 2022, Windows Server 2022 23h2, Windows Server 2025 | 2025-07-14 | N/A | 6.5 MEDIUM |
|
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
|
|||||
| CVE-2025-47159 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47975 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.0 HIGH |
|
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47973 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47971 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-47976 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-30327 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-14 | N/A | 7.8 HIGH |
|
InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47972 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-14 | N/A | 8.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2025-47109 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-07-14 | N/A | 5.5 MEDIUM |
|
After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43587 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-07-14 | N/A | 5.5 MEDIUM |
|
After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-33054 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2025-07-14 | N/A | 8.1 HIGH |
|
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2025-26636 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-07-14 | N/A | 5.5 MEDIUM |
|
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2024-11364 | 2 Microsoft, Rockwellautomation | 2 Windows, Arena | 2025-07-11 | N/A | 7.3 HIGH |
|
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
|
|||||
| CVE-2025-30312 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-07-11 | N/A | 7.8 HIGH |
|
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47097 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-11 | N/A | 7.8 HIGH |
|
InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47098 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-11 | N/A | 7.8 HIGH |
|
InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47099 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-11 | N/A | 7.8 HIGH |
|
InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47135 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-07-11 | N/A | 5.5 MEDIUM |
|
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47119 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 5.5 MEDIUM |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47120 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 5.5 MEDIUM |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47121 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47122 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47123 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47124 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47125 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47126 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47127 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47128 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47129 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47130 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47131 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||