Filtered by vendor Microsoft
Subscribe
Total
24766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59500 | 1 Microsoft | 1 Azure Notification Service | 2026-06-17 | N/A | 7.7 HIGH |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-59499 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2026-06-17 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-59497 | 1 Microsoft | 1 Defender For Endpoint | 2026-06-17 | N/A | 7.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. | |||||
| CVE-2025-59494 | 1 Microsoft | 1 Azure Monitor Agent | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59489 | 5 Apple, Google, Linux and 2 more | 5 Macos, Android, Linux Kernel and 2 more | 2026-06-17 | N/A | 7.4 HIGH |
| Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications. | |||||
| CVE-2025-59295 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-06-17 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-59294 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 2.1 LOW |
| Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. | |||||
| CVE-2025-59292 | 1 Microsoft | 1 Azure Compute Gallery | 2026-06-17 | N/A | 8.2 HIGH |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59291 | 1 Microsoft | 1 Azure Compute Gallery | 2026-06-17 | N/A | 8.2 HIGH |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59290 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2026-06-17 | N/A | 7.8 HIGH |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59289 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2026-06-17 | N/A | 7.0 HIGH |
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59288 | 1 Microsoft | 1 Playwright | 2026-06-17 | N/A | 5.3 MEDIUM |
| Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network. | |||||
| CVE-2025-59287 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-59286 | 1 Microsoft | 1 365 Copilot Chat | 2026-06-17 | N/A | 9.3 CRITICAL |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-59285 | 1 Microsoft | 1 Azure Monitor Agent | 2026-06-17 | N/A | 7.0 HIGH |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59284 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2026-06-17 | N/A | 3.3 LOW |
| Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | |||||
| CVE-2025-59282 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-59281 | 1 Microsoft | 1 Xbox Gaming Services | 2026-06-17 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59280 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 3.1 LOW |
| Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. | |||||
| CVE-2025-59278 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.8 HIGH |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||||