Total
252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62473 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-12-12 | N/A | 6.5 MEDIUM |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-62467 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-12 | N/A | 7.8 HIGH |
| Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-62461 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-10 | N/A | 7.8 HIGH |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-62462 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-10 | N/A | 7.8 HIGH |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-62464 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-10 | N/A | 7.8 HIGH |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-62560 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-12-10 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-12106 | 2025-12-01 | N/A | 9.1 CRITICAL | ||
| Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses | |||||
| CVE-2024-53020 | 1 Qualcomm | 468 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 465 more | 2025-11-28 | N/A | 8.2 HIGH |
| Information disclosure may occur while decoding the RTP packet with invalid header extension from network. | |||||
| CVE-2025-21463 | 1 Qualcomm | 422 Ar8035, Ar8035 Firmware, Csr8811 and 419 more | 2025-11-28 | N/A | 7.5 HIGH |
| Transient DOS while processing the EHT operation IE in the received beacon frame. | |||||
| CVE-2024-53026 | 1 Qualcomm | 468 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 465 more | 2025-11-28 | N/A | 8.2 HIGH |
| Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call. | |||||
| CVE-2024-53021 | 1 Qualcomm | 450 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 447 more | 2025-11-28 | N/A | 8.2 HIGH |
| Information disclosure may occur while processing goodbye RTCP packet from network. | |||||
| CVE-2025-21487 | 1 Qualcomm | 454 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 451 more | 2025-11-28 | N/A | 8.2 HIGH |
| Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length. | |||||
| CVE-2025-47318 | 1 Qualcomm | 406 Apq8017, Apq8017 Firmware, Apq8064au and 403 more | 2025-11-28 | N/A | 7.5 HIGH |
| Transient DOS while parsing the EPTM test control message to get the test pattern. | |||||
| CVE-2025-21488 | 1 Qualcomm | 216 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 213 more | 2025-11-28 | N/A | 8.2 HIGH |
| Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set. | |||||
| CVE-2025-21484 | 1 Qualcomm | 346 Apq8064au, Apq8064au Firmware, Aqt1000 and 343 more | 2025-11-25 | N/A | 8.2 HIGH |
| Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet. | |||||
| CVE-2025-63602 | 2025-11-19 | N/A | 7.3 HIGH | ||
| A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts. | |||||
| CVE-2025-60720 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-11-17 | N/A | 7.8 HIGH |
| Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-12745 | 2025-11-06 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2025-27041 | 1 Qualcomm | 126 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 123 more | 2025-11-05 | N/A | 5.5 MEDIUM |
| Transient DOS while processing video packets received from video firmware. | |||||
| CVE-2025-27045 | 1 Qualcomm | 36 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 33 more | 2025-11-05 | N/A | 6.1 MEDIUM |
| Information disclosure while processing batch command execution in Video driver. | |||||