Total
6384 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43368 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-09-17 | 4.3 Medium |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2025-10527 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-09-17 | 7.1 High |
| This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. | ||||
| CVE-2025-8837 | 1 Jasper Project | 1 Jasper | 2025-09-16 | 5.3 Medium |
| A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-55224 | 1 Microsoft | 15 Hyper-v, Windows, Windows 10 and 12 more | 2025-09-16 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54912 | 1 Microsoft | 6 Bitlocker, Windows, Windows 10 and 3 more | 2025-09-16 | 7.8 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54911 | 1 Microsoft | 20 Bitlocker, Windows, Windows 10 and 17 more | 2025-09-16 | 7.3 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54112 | 2025-09-16 | 7 High | ||
| Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54108 | 2025-09-16 | 7 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54105 | 2025-09-16 | 7 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54103 | 1 Microsoft | 6 Windows, Windows 10, Windows 11 and 3 more | 2025-09-16 | 7.4 High |
| Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-54092 | 1 Microsoft | 7 Hyper-v, Windows, Windows 10 and 4 more | 2025-09-16 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53807 | 2025-09-16 | 7 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53802 | 2025-09-16 | 7 High | ||
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55228 | 1 Microsoft | 6 Windows, Windows 10, Windows 11 and 3 more | 2025-09-16 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-55223 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-16 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54913 | 2025-09-16 | 7.8 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54908 | 1 Microsoft | 7 365 Apps, Apps, Office and 4 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54906 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-09-16 | 7.8 High |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54904 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54903 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||