Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8794 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36047 | 4 Apple, Ibm, Linux and 1 more | 7 Macos, Aix, I and 4 more | 2025-11-03 | 5.3 Medium |
| IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | ||||
| CVE-2025-1992 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-11-03 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | ||||
| CVE-2024-4577 | 4 Fedoraproject, Microsoft, Php and 1 more | 4 Fedora, Windows, Php and 1 more | 2025-11-03 | 9.8 Critical |
| In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | ||||
| CVE-2025-58438 | 1 Microsoft | 1 Windows | 2025-11-03 | N/A |
| internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1. | ||||
| CVE-2025-54257 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-11-03 | 7.8 High |
| Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged. | ||||
| CVE-2025-23340 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. | ||||
| CVE-2025-23339 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump. | ||||
| CVE-2025-23338 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2025-23308 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm. | ||||
| CVE-2025-23271 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. | ||||
| CVE-2025-10199 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-11-03 | 7.8 High |
| A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. | ||||
| CVE-2025-10198 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-11-03 | 7.8 High |
| Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. | ||||
| CVE-2025-32919 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-11-03 | N/A |
| Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL). | ||||
| CVE-2025-12055 | 2 Microsoft, Mpdv Mikrolab | 4 Windows, Fedra 2, Hydra X and 1 more | 2025-11-03 | 7.5 High |
| HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily. | ||||
| CVE-2025-10639 | 2 Efficientlab, Microsoft | 2 Workexaminer Professional, Windows | 2025-11-03 | 8.8 High |
| The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\SYSTEM on the server by exchanging accessible service binaries in the WorkExaminer installation directory (e.g. "C:\Program File (x86)\Work Examiner Professional Server"). | ||||
| CVE-2025-26498 | 4 Linux, Microsoft, Salesforce and 1 more | 4 Linux, Windows, Tableau Server and 1 more | 2025-11-03 | 7.3 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | ||||
| CVE-2020-5741 | 2 Microsoft, Plex | 2 Windows, Media Server | 2025-10-31 | 7.2 High |
| Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | ||||
| CVE-2025-3928 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-10-31 | 8.8 High |
| Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. | ||||
| CVE-2025-52446 | 4 Linux, Microsoft, Salesforce and 1 more | 4 Linux Kernel, Windows, Tableau Server and 1 more | 2025-10-31 | 8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | ||||
| CVE-2025-52447 | 4 Linux, Microsoft, Salesforce and 1 more | 4 Linux Kernel, Windows, Tableau Server and 1 more | 2025-10-31 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | ||||