Filtered by vendor Microsoft
Subscriptions
Total
22703 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55336 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2025-11-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55335 | 1 Microsoft | 26 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 23 more | 2025-11-22 | 7.4 High |
| Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-55333 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-11-22 | 6.1 Medium |
| Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-55325 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-11-22 | 5.5 Medium |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55320 | 1 Microsoft | 5 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 2 more | 2025-11-22 | 6.8 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-24052 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-11-22 | 7.8 High |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | ||||
| CVE-2025-24990 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-11-22 | 7.8 High |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | ||||
| CVE-2025-55315 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio, Visual Studio 2022 and 1 more | 2025-11-22 | 9.9 Critical |
| Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-55247 | 3 Linux, Microsoft, Redhat | 3 Linux Kernel, .net, Enterprise Linux | 2025-11-22 | 7.3 High |
| Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53782 | 1 Microsoft | 4 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 1 more | 2025-11-22 | 8.4 High |
| Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-50174 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2025-11-22 | 7 High |
| Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48004 | 1 Microsoft | 11 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 8 more | 2025-11-22 | 7.4 High |
| Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-47989 | 1 Microsoft | 3 Arc Enabled Servers Azure Connected Machine Agent, Azure, Azure Connected Machine Agent | 2025-11-22 | 7 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2011-2462 | 5 Adobe, Apple, Microsoft and 2 more | 6 Acrobat, Acrobat Reader, Mac Os X and 3 more | 2025-11-22 | 8.8 High |
| Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. | ||||
| CVE-2014-0546 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2025-11-22 | 8.8 High |
| Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors. | ||||
| CVE-2025-12905 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-21 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-54114 | 1 Microsoft | 16 Windows 10 1607, Windows 10 21h2, Windows 10 21h2 and 13 more | 2025-11-21 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59251 | 1 Microsoft | 1 Edge Chromium | 2025-11-21 | 7.6 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-55322 | 1 Microsoft | 1 Omniparser | 2025-11-21 | 7.3 High |
| Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-54914 | 1 Microsoft | 2 Azure, Azure Networking | 2025-11-21 | 10 Critical |
| Azure Networking Elevation of Privilege Vulnerability | ||||