Filtered by vendor Microsoft
Subscribe
Total
22603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55310 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-18 | N/A | 7.3 HIGH |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts. | |||||
| CVE-2025-55312 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-18 | N/A | 7.8 HIGH |
| An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code. | |||||
| CVE-2025-55313 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-18 | N/A | 7.8 HIGH |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely large value to a form field's charLimit property via JavaScript. This can result in memory corruption and may allow an attacker to execute arbitrary code by persuading a user to open a malicious file. | |||||
| CVE-2025-55314 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-12-18 | N/A | 7.8 HIGH |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code. | |||||
| CVE-2025-59802 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-18 | N/A | 7.5 HIGH |
| Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1. | |||||
| CVE-2025-14765 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-18 | N/A | 8.8 HIGH |
| Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-60710 | 1 Microsoft | 1 Windows 11 25h2 | 2025-12-16 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-60707 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-16 | N/A | 7.8 HIGH |
| Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2022-26807 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-12-16 | 4.4 MEDIUM | 7.0 HIGH |
| Windows Work Folder Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-38638 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2025-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||
| CVE-2021-34536 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2025-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-34487 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2025-12-16 | 4.6 MEDIUM | 7.0 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2025-62207 | 1 Microsoft | 1 Azure Monitor | 2025-12-16 | N/A | 8.6 HIGH |
| Azure Monitor Elevation of Privilege Vulnerability | |||||
| CVE-2022-4510 | 1 Microsoft | 1 Binwalk | 2025-12-16 | N/A | 7.8 HIGH |
| A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included. | |||||
| CVE-2024-29195 | 1 Microsoft | 1 Azure C Shared Utility | 2025-12-15 | N/A | 6.0 MEDIUM |
| The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2. | |||||
| CVE-2025-0502 | 4 Apple, Craftercms, Linux and 1 more | 4 Macos, Craftercms, Linux Kernel and 1 more | 2025-12-15 | N/A | 9.1 CRITICAL |
| Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6. | |||||
| CVE-2025-59803 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-15 | N/A | 5.3 MEDIUM |
| Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1. | |||||
| CVE-2025-14174 | 4 Apple, Google, Linux and 1 more | 11 Ipados, Iphone Os, Macos and 8 more | 2025-12-15 | N/A | 8.8 HIGH |
| Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-62468 | 1 Microsoft | 5 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2025-12-12 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-62474 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-12-12 | N/A | 7.8 HIGH |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | |||||