Filtered by vendor Microsoft
Subscriptions
Total
22095 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54902 | 1 Microsoft | 11 365, 365 Apps, Excel and 8 more | 2025-09-16 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54899 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2025-09-16 | 7.8 High |
| Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54898 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2025-09-16 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54897 | 1 Microsoft | 1 Sharepoint Server | 2025-09-16 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-54896 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54895 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-16 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54099 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-16 | 7 High |
| Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54097 | 1 Microsoft | 5 Windows, Windows Server, Windows Server 2008 and 2 more | 2025-09-16 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49734 | 1 Microsoft | 6 Powershell, Windows, Windows 10 and 3 more | 2025-09-16 | 7 High |
| Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-33053 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-16 | 8.8 High |
| External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-32706 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-16 | 7.8 High |
| Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-8088 | 3 Dtsearch, Microsoft, Rarlab | 3 Dtsearch, Windows, Winrar | 2025-09-16 | 8.8 High |
| A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | ||||
| CVE-2019-1064 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 8 more | 2025-09-15 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links. | ||||
| CVE-2019-1069 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2025-09-15 | 7.8 High |
| An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations. | ||||
| CVE-2025-55526 | 2 Microsoft, N8n | 5 Windows 11, Fastapi, N8n and 2 more | 2025-09-15 | 9.1 Critical |
| n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py | ||||
| CVE-2025-33073 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-15 | 8.8 High |
| Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-30078 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-15 | 8.8 High |
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | ||||
| CVE-2025-48799 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2025-09-15 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47981 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-09-15 | 9.8 Critical |
| Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2024-6768 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-09-15 | N/A |
| A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. | ||||