Total
5827 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-55223 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-12 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-50518 | | | 2025-09-11 | N/A | 9.8 CRITICAL |
A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly. | |||||
CVE-2025-54103 | | | 2025-09-11 | N/A | 7.4 HIGH |
Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. | |||||
CVE-2025-54105 | | | 2025-09-11 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-54913 | | | 2025-09-11 | N/A | 7.8 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-54902 | | | 2025-09-11 | N/A | 7.8 HIGH |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-55228 | | | 2025-09-11 | N/A | 7.8 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||||
CVE-2025-54111 | | | 2025-09-11 | N/A | 7.8 HIGH |
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-54112 | | | 2025-09-11 | N/A | 7.0 HIGH |
Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-54912 | | | 2025-09-11 | N/A | 7.8 HIGH |
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-54092 | | | 2025-09-11 | N/A | 7.8 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-53802 | | | 2025-09-11 | N/A | 7.0 HIGH |
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-54102 | | | 2025-09-11 | N/A | 7.8 HIGH |
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-54101 | | | 2025-09-11 | N/A | 4.8 MEDIUM |
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. | |||||
CVE-2025-54108 | | | 2025-09-11 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-53807 | | | 2025-09-11 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-10200 | | | 2025-09-11 | N/A | 8.8 HIGH |
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
CVE-2025-8176 | 1 Libtiff | 1 Libtiff | 2025-09-11 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue. | |||||
CVE-2025-57616 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 7.5 HIGH |
An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. The method violates Rust's aliasing rules by modifying a data structure through a mutable pointer while only holding an immutable reference, which can lead to undefined behavior when the data is accessed later. | |||||
CVE-2025-20006 | 1 Intel | 4 Proset/wireless Wifi, Wi-fi 7 Be200, Wi-fi 7 Be201 and 1 more | 2025-09-10 | N/A | 7.4 HIGH |
Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |