Filtered by vendor Microsoft
Subscribe
Total
21654 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41165 | 1 Microsoft | 1 Word | 2025-08-22 | N/A | 7.1 HIGH |
| A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | |||||
| CVE-2024-43106 | 1 Microsoft | 1 Excel | 2025-08-22 | N/A | 7.1 HIGH |
| A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | |||||
| CVE-2024-42220 | 1 Microsoft | 1 Outlook | 2025-08-22 | N/A | 7.1 HIGH |
| A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | |||||
| CVE-2024-29072 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-22 | N/A | 8.2 HIGH |
| A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | |||||
| CVE-2024-25575 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-22 | N/A | 8.8 HIGH |
| A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2024-25648 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-22 | N/A | 8.8 HIGH |
| A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2024-25938 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-22 | N/A | 8.8 HIGH |
| A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2018-25032 | 12 Apple, Azul, Debian and 9 more | 39 Mac Os X, Macos, Zulu and 36 more | 2025-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | |||||
| CVE-2025-48807 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-21 | N/A | 6.7 MEDIUM |
| Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | |||||
| CVE-2025-9132 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-21 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-25015 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Mq and 2 more | 2025-08-21 | N/A | 7.5 HIGH |
| IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278. | |||||
| CVE-2025-8088 | 3 Dtsearch, Microsoft, Rarlab | 3 Dtsearch, Windows, Winrar | 2025-08-21 | N/A | 8.8 HIGH |
| A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | |||||
| CVE-2025-25005 | 1 Microsoft | 1 Exchange Server | 2025-08-21 | N/A | 6.5 MEDIUM |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | |||||
| CVE-2025-49707 | 1 Microsoft | 22 Dcadsv5-series Azure Vm, Dcadsv5-series Azure Vm Firmware, Dcasv5-series Azure Vm and 19 more | 2025-08-20 | N/A | 7.9 HIGH |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2025-24789 | 2 Microsoft, Snowflake | 2 Windows, Snowflake Jdbc | 2025-08-20 | N/A | 7.8 HIGH |
| Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0. | |||||
| CVE-2021-27081 | 1 Microsoft | 1 Eslint | 2025-08-20 | 9.3 HIGH | 7.8 HIGH |
| Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | |||||
| CVE-2020-1481 | 1 Microsoft | 1 Eslint | 2025-08-20 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'. | |||||
| CVE-2025-1992 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-20 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | |||||
| CVE-2024-52896 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-08-19 | N/A | 6.2 MEDIUM |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | |||||
| CVE-2024-52897 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-08-19 | N/A | 6.2 MEDIUM |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | |||||