Filtered by vendor Microsoft
Subscriptions
Total
21586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47109 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-07-14 | 5.5 Medium |
| After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43587 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-07-14 | 5.5 Medium |
| After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-26627 | 1 Microsoft | 1 Azure Arc | 2025-07-13 | 7 High |
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-11364 | 2 Microsoft, Rockwellautomation | 2 Windows, Arena | 2025-07-11 | 7.3 High |
| Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
| CVE-2025-30312 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-07-11 | 7.8 High |
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47097 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-11 | 7.8 High |
| InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47098 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-11 | 7.8 High |
| InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47099 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-11 | 7.8 High |
| InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47135 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-07-11 | 5.5 Medium |
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47956 | 1 Microsoft | 1 Windows Security App | 2025-07-11 | 5.5 Medium |
| External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2025-47977 | 1 Microsoft | 1 Nuance Digital Engagement Platform | 2025-07-11 | 8.2 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-47968 | 1 Microsoft | 1 Autoupdate | 2025-07-11 | 7.8 High |
| Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47959 | 1 Microsoft | 2 Visual Studio, Visual Studio 2022 | 2025-07-11 | 7.1 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-47176 | 1 Microsoft | 5 365 Apps, Office, Office 2024 and 2 more | 2025-07-11 | 7.8 High |
| '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | ||||
| CVE-2025-47175 | 1 Microsoft | 8 365 Apps, Office, Office 2016 and 5 more | 2025-07-11 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-47174 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2025-07-11 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-47173 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-11 | 7.8 High |
| Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-47172 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-11 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-47171 | 1 Microsoft | 8 365 Apps, Office, Office 2019 and 5 more | 2025-07-11 | 6.7 Medium |
| Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | ||||
| CVE-2025-47170 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-11 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||