Filtered by vendor Microsoft
Subscribe
Total
22625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6218 | 2 Microsoft, Rarlab | 2 Windows, Winrar | 2025-12-10 | N/A | 7.8 HIGH |
| RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. | |||||
| CVE-2025-62221 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-10 | N/A | 7.8 HIGH |
| Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-62562 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-12-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62563 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-12-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62564 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-12-09 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62553 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-12-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62552 | 1 Microsoft | 4 365 Apps, Access, Office and 1 more | 2025-12-09 | N/A | 7.8 HIGH |
| Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-13639 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-08 | N/A | 8.1 HIGH |
| Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-13032 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2025-12-08 | N/A | 9.9 CRITICAL |
| Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. | |||||
| CVE-2025-33202 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-12-08 | N/A | 6.5 MEDIUM |
| NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2025-64657 | 1 Microsoft | 1 Azure Application Gateway | 2025-12-08 | N/A | 9.8 CRITICAL |
| Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-64656 | 1 Microsoft | 1 Azure Application Gateway | 2025-12-08 | N/A | 9.4 CRITICAL |
| Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-20386 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2025-12-05 | N/A | 8.0 HIGH |
| In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents. | |||||
| CVE-2025-61949 | 3 Linux, Microsoft, Secuavail | 3 Linux Kernel, Windows, Logstare Collector | 2025-12-05 | N/A | 5.4 MEDIUM |
| LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page. | |||||
| CVE-2025-58097 | 3 Linux, Microsoft, Secuavail | 3 Linux Kernel, Windows, Logstare Collector | 2025-12-05 | N/A | 7.8 HIGH |
| The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege. | |||||
| CVE-2025-13992 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-05 | N/A | 4.7 MEDIUM |
| Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-13630 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-13631 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 8.8 HIGH |
| Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High) | |||||
| CVE-2025-13632 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High) | |||||
| CVE-2025-13633 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 8.8 HIGH |
| Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||