Filtered by vendor Microsoft
Total: 24766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55336 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-55335 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-06-17 | N/A | 7.4 HIGH |
| Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-55334 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2026-06-17 | N/A | 6.2 MEDIUM |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-55333 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 6.1 MEDIUM |
| Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-55332 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-55331 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 6 more | 2026-06-17 | N/A | 7.0 HIGH |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55330 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-55328 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 7.8 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55326 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-06-17 | N/A | 7.5 HIGH |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-55325 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-55322 | 1 Microsoft | 1 Omniparser | 2026-06-17 | N/A | 7.3 HIGH |
| Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-55321 | 1 Microsoft | 1 Azure Monitor | 2026-06-17 | N/A | 9.3 CRITICAL |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-55320 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | |||||
| CVE-2025-55319 | 1 Microsoft | 1 Visual Studio Code | 2026-06-17 | N/A | 8.8 HIGH |
| AI command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-55317 | 1 Microsoft | 1 Autoupdate | 2026-06-17 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55316 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-06-17 | N/A | 7.8 HIGH |
| External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55315 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2022 | 2026-06-17 | N/A | 9.9 CRITICAL |
| Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-55314 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code. | |||||
| CVE-2025-55313 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely large value to a form field's charLimit property via JavaScript. This can result in memory corruption and may allow an attacker to execute arbitrary code by persuading a user to open a malicious file. | |||||
| CVE-2025-55312 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code. | |||||
