Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26675 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-09 | N/A | 7.8 HIGH |
|
Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-26676 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-09 | N/A | 6.5 MEDIUM |
|
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-26678 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-09 | N/A | 8.4 HIGH |
|
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
|
|||||
| CVE-2025-26668 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-09 | N/A | 7.5 HIGH |
|
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-26669 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-09 | N/A | 8.8 HIGH |
|
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-26670 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-09 | N/A | 8.1 HIGH |
|
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-26671 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-09 | N/A | 8.1 HIGH |
|
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-26672 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-09 | N/A | 6.5 MEDIUM |
|
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-47168 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-09 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47167 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 8.4 HIGH |
|
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47166 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-47165 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-09 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47164 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 8.4 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47163 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-47162 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 8.4 HIGH |
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-27747 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-09 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-27746 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-07-09 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-27745 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-27744 | 1 Microsoft | 1 Office | 2025-07-09 | N/A | 7.8 HIGH |
|
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-32717 | 1 Microsoft | 1 365 Apps | 2025-07-09 | N/A | 8.4 HIGH |
|
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2024-30330 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-07-09 | N/A | 7.8 HIGH |
|
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operat ...
Show More |
|||||
| CVE-2024-30347 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-07-09 | N/A | 3.3 LOW |
|
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result i ...
Show More |
|||||
| CVE-2024-30341 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-07-09 | N/A | 7.8 HIGH |
|
Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read pas ...
Show More |
|||||
| CVE-2025-47957 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-09 | N/A | 8.4 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47953 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 8.4 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47175 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-09 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47174 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47173 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
|
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47172 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
|
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-47171 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-09 | N/A | 6.7 MEDIUM |
|
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
|
|||||
| CVE-2025-47170 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47169 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-09 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-0158 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-08 | N/A | 5.5 MEDIUM |
|
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.
|
|||||
| CVE-2025-0759 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-08 | N/A | 3.3 LOW |
|
IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization.
|
|||||
| CVE-2020-1171 | 1 Microsoft | 1 Python | 2025-07-08 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.
|
|||||
| CVE-2020-1192 | 1 Microsoft | 1 Python | 2025-07-08 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.
|
|||||
| CVE-2024-22351 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | N/A | 6.3 MEDIUM |
|
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
|
|||||
| CVE-2025-25045 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
|
|||||
| CVE-2025-27484 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | N/A | 7.5 HIGH |
|
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2025-27483 | 1 Microsoft | 6 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 3 more | 2025-07-08 | N/A | 7.8 HIGH |
|
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
|
|||||