Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29837 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 5.5 MEDIUM |
|
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-29838 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-05-19 | N/A | 7.4 HIGH |
|
Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-43571 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43551 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 5.5 MEDIUM |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43549 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43568 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43569 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43570 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43548 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43572 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-29977 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-29979 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-29959 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 6.5 MEDIUM |
|
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-29960 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 6.5 MEDIUM |
|
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-29961 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 6.5 MEDIUM |
|
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-29962 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-29963 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-05-19 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-29964 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-05-19 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-29966 | 1 Microsoft | 17 Remote Desktop, Windows 10 1507, Windows 10 1607 and 14 more | 2025-05-19 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-29967 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-29968 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-05-19 | N/A | 6.5 MEDIUM |
|
Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.
|
|||||
| CVE-2025-29969 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 7.5 HIGH |
|
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-29970 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-05-19 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-29971 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-05-19 | N/A | 7.5 HIGH |
|
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-05-19 | N/A | 7.0 HIGH |
|
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-29974 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 5.7 MEDIUM |
|
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
|
|||||
| CVE-2025-29975 | 1 Microsoft | 1 Pc Manager | 2025-05-19 | N/A | 7.8 HIGH |
|
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-29978 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-05-19 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30381 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30379 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30377 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 8.4 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30376 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30375 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30382 | 1 Microsoft | 1 Sharepoint Server | 2025-05-19 | N/A | 7.8 HIGH |
|
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2022-28887 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2025-05-15 | N/A | 4.3 MEDIUM |
|
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
|
|||||
| CVE-2025-30328 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
|
Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-30329 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | N/A | 5.5 MEDIUM |
|
Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-30330 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
|
Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43545 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
|
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43546 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
|
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||