Filtered by vendor Microsoft
Subscribe
Total
21873 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27485 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-07-08 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-32726 | 1 Microsoft | 1 Visual Studio Code | 2025-07-08 | N/A | 6.8 MEDIUM |
| Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29823 | 1 Microsoft | 1 365 Apps | 2025-07-08 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-29822 | 1 Microsoft | 3 Office, Office Long Term Servicing Channel, Onenote | 2025-07-08 | N/A | 7.8 HIGH |
| Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-29820 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-08 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-27732 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | N/A | 7.0 HIGH |
| Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27731 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-08 | N/A | 7.8 HIGH |
| Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-4540 | 2 Lodop, Microsoft | 2 C-lodop, Windows | 2025-07-08 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-27730 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | N/A | 7.8 HIGH |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27729 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 3 more | 2025-07-08 | N/A | 7.8 HIGH |
| Use after free in Windows Shell allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-27728 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-07-08 | N/A | 7.8 HIGH |
| Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27727 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47966 | 1 Microsoft | 1 Power Automate For Desktop | 2025-07-08 | N/A | 9.8 CRITICAL |
| Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-29817 | 1 Microsoft | 1 Power Automate For Desktop | 2025-07-08 | N/A | 5.7 MEDIUM |
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-49713 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | N/A | 8.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29825 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | N/A | 6.5 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29834 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | N/A | 7.5 HIGH |
| Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-33065 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-08 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-33063 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-07-08 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-33062 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-08 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||