Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9027 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61835 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-12-11 | 7.8 High |
| Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-53841 | 2 Akamai, Microsoft | 2 Guardicore Platform Agent, Windows | 2025-12-10 | 7.8 High |
| The GC-AGENTS-SERVICE running as part of Akamai´s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a non-existent location that standard Windows users have default write access to. This allows an unprivileged local user to create a crafted "openssl.cnf" file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process. Since Guardicore Agent runs with SYSTEM privileges, this permits an unprivileged user to fully elevate privileges to SYSTEM level in this manner. | ||||
| CVE-2025-66271 | 2 Elecom, Microsoft | 2 Clone For Windows, Windows | 2025-12-10 | N/A |
| Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-64894 | 3 Adobe, Apple, Microsoft | 3 Dng Software Development Kit, Macos, Windows | 2025-12-10 | 5.5 Medium |
| DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-64784 | 3 Adobe, Apple, Microsoft | 3 Dng Software Development Kit, Macos, Windows | 2025-12-10 | 7.1 High |
| DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-64783 | 3 Adobe, Apple, Microsoft | 3 Dng Software Development Kit, Macos, Windows | 2025-12-10 | 7.8 High |
| DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-64893 | 3 Adobe, Apple, Microsoft | 3 Dng Software Development Kit, Macos, Windows | 2025-12-10 | 7.1 High |
| DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-59775 | 2 Apache, Microsoft | 2 Http Server, Windows | 2025-12-10 | 7.5 High |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue. | ||||
| CVE-2025-6218 | 2 Microsoft, Rarlab | 2 Windows, Winrar | 2025-12-10 | N/A |
| RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. | ||||
| CVE-2025-61865 | 2 Iodata, Microsoft | 2 Narsus App, Windows | 2025-12-10 | N/A |
| Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-62209 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1507 and 21 more | 2025-12-09 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-62208 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-12-09 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-60723 | 1 Microsoft | 21 Directx, Windows, Windows 10 and 18 more | 2025-12-09 | 6.3 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-60708 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1607 and 19 more | 2025-12-09 | 6.5 Medium |
| Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. | ||||
| CVE-2025-60706 | 1 Microsoft | 23 Hyper-v, Windows, Windows 10 and 20 more | 2025-12-09 | 5.5 Medium |
| Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59513 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1607 and 22 more | 2025-12-09 | 5.5 Medium |
| Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59510 | 1 Microsoft | 25 Remote, Windows, Windows 10 and 22 more | 2025-12-09 | 5.5 Medium |
| Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59509 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2025-12-09 | 5.5 Medium |
| Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-61940 | 2 Microsoft, Mirion Medical | 2 Windows, Nmis Biodose | 2025-12-09 | 8.3 High |
| NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection. | ||||
| CVE-2025-64298 | 2 Microsoft, Mirion Medical | 2 Windows, Nmis Biodose | 2025-12-09 | 8.4 High |
| NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data. | ||||