Filtered by vendor Microsoft
Subscribe
Total
24733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29838 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2026-06-17 | N/A | 7.4 HIGH |
| Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-29837 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-29836 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-29835 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-29834 | 1 Microsoft | 1 Edge Chromium | 2026-06-17 | N/A | 7.5 HIGH |
| Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29833 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 7.7 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-29832 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-29831 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 7.5 HIGH |
| Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29830 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-29829 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-29828 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2026-06-17 | N/A | 8.1 HIGH |
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29827 | 1 Microsoft | 1 Azure Automation | 2026-06-17 | N/A | 9.9 CRITICAL |
| Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-29826 | 1 Microsoft | 1 Dataverse | 2026-06-17 | N/A | 7.3 HIGH |
| Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-29825 | 1 Microsoft | 1 Edge Chromium | 2026-06-17 | N/A | 6.5 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29824 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.8 HIGH |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29823 | 1 Microsoft | 1 365 Apps | 2026-06-17 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-29822 | 1 Microsoft | 3 Office, Office Long Term Servicing Channel, Onenote | 2026-06-17 | N/A | 7.8 HIGH |
| Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-29821 | 1 Microsoft | 3 Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2024, Dynamics 365 Business Central 2025 | 2026-06-17 | N/A | 5.5 MEDIUM |
| Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-29820 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-29819 | 1 Microsoft | 1 Windows Admin Center | 2026-06-17 | N/A | 6.2 MEDIUM |
| External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | |||||