Filtered by vendor Microsoft
Subscriptions
Total
22478 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58719 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-11-07 | 4.7 Medium |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58720 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-11-07 | 7.8 High |
| Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-58722 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-11-07 | 7.8 High |
| Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58725 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-07 | 7 High |
| Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58729 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1507 and 19 more | 2025-11-07 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59184 | 1 Microsoft | 6 Windows Server, Windows Server 2016, Windows Server 2019 and 3 more | 2025-11-07 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-11212 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-07 | 6.3 Medium |
| Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-64107 | 2 Cursor, Microsoft | 2 Cursor, Windows | 2025-11-07 | 8.8 High |
| Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes (./.cursor/./././././mcp.json etc.), and requires human approval to complete the operation. However, the same kind of manipulation using backslashes was not correctly detected, allowing an attacker who had already achieved prompt injection or some other level of control to overwrite sensitive editor files without approval on Windows machines. This issue is fixed in version 2.0. | ||||
| CVE-2025-37735 | 2 Elastic, Microsoft | 2 Defend, Windows | 2025-11-07 | 7 High |
| Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation. | ||||
| CVE-2025-58726 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-07 | 7.5 High |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-41871 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-11-06 | 5.5 Medium |
| Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-26497 | 4 Linux, Microsoft, Salesforce and 1 more | 5 Linux, Linux Kernel, Windows and 2 more | 2025-11-06 | 7.3 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | ||||
| CVE-2025-64458 | 2 Djangoproject, Microsoft | 2 Django, Windows | 2025-11-06 | 7.5 High |
| An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue. | ||||
| CVE-2025-23358 | 2 Microsoft, Nvidia | 2 Windows, App | 2025-11-06 | 8.2 High |
| NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges. | ||||
| CVE-2025-62225 | 2 Microsoft, Sony | 2 Windows, Optical Disc Archive Software | 2025-11-06 | N/A |
| Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-64151 | 2 Microsoft, Roboticsware | 5 Windows, Ba-panel6, Fa-panel6 and 2 more | 2025-11-06 | N/A |
| Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-59596 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2025-11-06 | N/A |
| CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash. | ||||
| CVE-2025-33131 | 3 Ibm, Linux, Microsoft | 6 Aix, Db2 High Performance Unload, Db2 High Performance Unload Load and 3 more | 2025-11-06 | 6.5 Medium |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. | ||||
| CVE-2025-33132 | 3 Ibm, Linux, Microsoft | 6 Aix, Db2 High Performance Unload, Db2 High Performance Unload Load and 3 more | 2025-11-06 | 6.5 Medium |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to. | ||||
| CVE-2025-33133 | 3 Ibm, Linux, Microsoft | 6 Aix, Db2 High Performance Unload, Db2 High Performance Unload Load and 3 more | 2025-11-06 | 6.5 Medium |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an out of bounds write. | ||||