Total
33315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5953 | 2 Insyde, Siemens | 33 Insydeh2o, Ruggedcom Ape1808, Ruggedcom Ape1808 Firmware and 30 more | 2025-11-04 | 7.5 High |
| A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). | ||||
| CVE-2025-59273 | 1 Microsoft | 3 Azure, Azure Event Grid, Azure Event Grid System | 2025-11-04 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59248 | 1 Microsoft | 3 Exchange, Exchange Server, Exchange Srv | 2025-11-04 | 7.5 High |
| Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59198 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-11-04 | 5 Medium |
| Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-55699 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-11-04 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55694 | 1 Microsoft | 7 Windows, Windows 11, Windows 11 24h2 and 4 more | 2025-11-04 | 7.8 High |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55692 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-11-04 | 7.8 High |
| Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55683 | 1 Microsoft | 7 Windows, Windows Server, Windows Server 2016 and 4 more | 2025-11-04 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55679 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-11-04 | 5.1 Medium |
| Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-25004 | 1 Microsoft | 21 Powershell, Windows, Windows 10 and 18 more | 2025-11-04 | 7.3 High |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59494 | 1 Microsoft | 2 Azure, Azure Monitor Agent | 2025-11-04 | 7.8 High |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59294 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-11-04 | 2.1 Low |
| Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. | ||||
| CVE-2025-59284 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 22h2 and 5 more | 2025-11-04 | 3.3 Low |
| Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2025-59250 | 1 Microsoft | 2 Jdbc Driver For Sql Server, Odbc Driver For Sql Server | 2025-11-04 | 8.1 High |
| Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59249 | 1 Microsoft | 5 Exchange, Exchange Server, Exchange Server 2016 and 2 more | 2025-11-04 | 8.8 High |
| Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59228 | 1 Microsoft | 1 Sharepoint Server | 2025-11-04 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-59199 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-11-04 | 7.8 High |
| Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58716 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-11-04 | 8.8 High |
| Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55336 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-11-04 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53782 | 1 Microsoft | 1 Exchange Server | 2025-11-04 | 8.4 High |
| Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | ||||