Filtered by vendor Microsoft
Subscribe
Total
20944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29975 | 1 Microsoft | 1 Pc Manager | 2025-05-19 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29976 | 1 Microsoft | 16 Sharepoint Server, Windows 10 1507, Windows 10 1607 and 13 more | 2025-05-19 | N/A | 7.8 HIGH |
| Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29978 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-05-19 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-30381 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-30379 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
| Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-30377 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-30376 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-30375 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-30382 | 1 Microsoft | 1 Sharepoint Server | 2025-05-19 | N/A | 7.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-32709 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-16 | N/A | 7.8 HIGH |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-30397 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-16 | N/A | 7.5 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-30400 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-05-16 | N/A | 7.8 HIGH |
| Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32701 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-16 | N/A | 7.8 HIGH |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32706 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-16 | N/A | 7.8 HIGH |
| Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2022-28887 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2025-05-15 | N/A | 4.3 MEDIUM |
| Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. | |||||
| CVE-2025-30328 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-30329 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | N/A | 5.5 MEDIUM |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-30330 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
| Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43545 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
| Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43546 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | N/A | 7.8 HIGH |
| Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||