Filtered by vendor Microsoft
Subscriptions
Total
21516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3619 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | 8.8 High |
| Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2025-47107 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-15 | 7.8 High |
| InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-8196 | 2 Microsoft, Mintplexlabs | 2 Windows, Anythingllm Desktop | 2025-07-15 | N/A |
| In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace. | ||||
| CVE-2025-43580 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2025-07-15 | 5.5 Medium |
| Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-26684 | 1 Microsoft | 1 Defender For Endpoint | 2025-07-15 | 6.7 Medium |
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47161 | 1 Microsoft | 1 Defender For Endpoint | 2025-07-15 | 7.8 High |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21264 | 1 Microsoft | 1 Visual Studio Code | 2025-07-15 | 7.1 High |
| Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-30394 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-07-15 | 5.9 Medium |
| Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-30376 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-15 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-30381 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-15 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24063 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2025-07-15 | 8.7 High |
| Microsoft Dataverse Remote Code Execution Vulnerability | ||||
| CVE-2025-47733 | 1 Microsoft | 1 Power Apps | 2025-07-15 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network | ||||
| CVE-2025-29813 | 1 Microsoft | 1 Azure Devops | 2025-07-15 | 10 Critical |
| [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29827 | 1 Microsoft | 1 Azure Automation | 2025-07-15 | 9.9 Critical |
| Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29972 | 1 Microsoft | 1 Azure Storage Resource Provider | 2025-07-15 | 9.9 Critical |
| Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-32707 | 1 Microsoft | 7 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 4 more | 2025-07-15 | 7.8 High |
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-32705 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-15 | 7.8 High |
| Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-32704 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-07-15 | 8.4 High |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-32702 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-07-15 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. | ||||