Total
166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29812 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-10 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27747 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-24084 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-07 | N/A | 8.4 HIGH |
| Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-24083 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-02 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-21381 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2025-21363 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2023-27342 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-20 | N/A | 7.8 HIGH |
| PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18766. | |||||
| CVE-2023-39501 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH |
| PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20034. | |||||
| CVE-2023-40471 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH |
| PDF-XChange Editor App Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of App objects. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20729. | |||||
| CVE-2023-40472 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH |
| PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of strings. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20730. | |||||
| CVE-2025-30381 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-22464 | 1 Ivanti | 1 Endpoint Manager | 2025-05-16 | N/A | 6.1 MEDIUM |
| An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition. | |||||
| CVE-2024-53033 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-03-07 | N/A | 7.8 HIGH |
| Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address. | |||||
| CVE-2024-53034 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-03-07 | N/A | 7.8 HIGH |
| Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset. | |||||
| CVE-2025-21358 | 2025-02-11 | N/A | 7.8 HIGH | ||
| Windows Core Messaging Elevation of Privileges Vulnerability | |||||
| CVE-2024-45584 | 1 Qualcomm | 248 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 245 more | 2025-02-05 | N/A | 7.8 HIGH |
| Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | |||||
| CVE-2024-26252 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 6.8 MEDIUM |
| Windows rndismp6.sys Remote Code Execution Vulnerability | |||||
| CVE-2024-49090 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-33039 | 1 Qualcomm | 44 Qam8255p, Qam8255p Firmware, Qam8650p and 41 more | 2024-12-11 | N/A | 6.7 MEDIUM |
| Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. | |||||
| CVE-2024-26213 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-12-06 | N/A | 7.0 HIGH |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||