Filtered by vendor Microsoft
Subscribe
Total
21912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53149 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-06 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32098 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-09-05 | N/A | 5.3 MEDIUM |
| An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process. | |||||
| CVE-2024-54138 | 1 Microsoft | 1 Nugetgallery | 2025-09-05 | N/A | 6.1 MEDIUM |
| NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. This vulnerability is fixed in 2024.12.06. | |||||
| CVE-2024-47535 | 2 Microsoft, Netty | 2 Windows, Netty | 2025-09-05 | N/A | 5.5 MEDIUM |
| Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. | |||||
| CVE-2024-37304 | 1 Microsoft | 1 Nugetgallery | 2025-09-04 | N/A | 6.1 MEDIUM |
| NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink such as `<javascript:alert(1)>`, the link is rendered without proper sanitization. This means that the JavaScript code within the autolink can be executed by the browser, leading to an XSS attack. Version 2024.05.28 contains a patch for this issue. | |||||
| CVE-2024-24916 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-04 | N/A | 6.5 MEDIUM |
| Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). | |||||
| CVE-2024-51736 | 2 Microsoft, Sensiolabs | 2 Windows, Symfony | 2025-09-04 | N/A | N/A |
| Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-9491 | 1 Microsoft | 1 Windows 11 23h2 | 2025-09-03 | N/A | 7.8 HIGH |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | |||||
| CVE-2024-24915 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-03 | N/A | 6.1 MEDIUM |
| Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them. | |||||
| CVE-2025-25007 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 5.3 MEDIUM |
| Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-25006 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 5.3 MEDIUM |
| Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-53783 | 1 Microsoft | 5 Dynamics 365 Guides, Dynamics 365 Remote Assist, Teams and 2 more | 2025-09-03 | N/A | 7.5 HIGH |
| Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-33051 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-9478 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-02 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-38581 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-09-02 | N/A | 8.8 HIGH |
| Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28952 | 2 Intel, Microsoft | 3 Integrated Performance Primitives, Oneapi Base Toolkit, Windows | 2025-09-02 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2025-08-29 | 6.0 MEDIUM | 8.4 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2020-17158 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | |||||
| CVE-2020-17156 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2025-08-28 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2020-17153 | 1 Microsoft | 1 Edge | 2025-08-28 | 5.8 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||