Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8478 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47039 | 3 Microsoft, Perl, Redhat | 3 Windows, Perl, Enterprise Linux | 2025-09-12 | 7.8 High |
| A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | ||||
| CVE-2025-58322 | 2 Microsoft, Navercorp | 2 Windows, Mybox | 2025-09-12 | 7.8 High |
| NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks. | ||||
| CVE-2025-54241 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | 5.5 Medium |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54240 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | 5.5 Medium |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54239 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | 5.5 Medium |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-58135 | 2 Microsoft, Zoom | 4 Windows, Workplace, Workplace App and 1 more | 2025-09-12 | 5.3 Medium |
| Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2025-58134 | 2 Microsoft, Zoom | 4 Windows, Workplace, Workplace App and 1 more | 2025-09-12 | 4.3 Medium |
| Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. | ||||
| CVE-2025-49459 | 3 Arm, Microsoft, Zoom | 5 Arm, Windows, Workplace and 2 more | 2025-09-12 | 7.8 High |
| Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-10199 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-09-12 | 7.8 High |
| A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. | ||||
| CVE-2025-43491 | 2 Hp, Microsoft | 2 Poly Lens, Windows | 2025-09-12 | N/A |
| A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. | ||||
| CVE-2025-10198 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-09-12 | 7.8 High |
| Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. | ||||
| CVE-2025-10225 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 7.5 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering memory reallocation errors when handling expired session keys. | ||||
| CVE-2025-10224 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 5.4 Medium |
| Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login. | ||||
| CVE-2025-40979 | 2 Grandstream, Microsoft | 3 Wave, Windows, Windows 11 | 2025-09-12 | N/A |
| DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions. | ||||
| CVE-2025-10220 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 9.8 Critical |
| Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others. | ||||
| CVE-2025-10226 | 3 Axxonsoft, Linux, Microsoft | 3 Axxon One, Linux, Windows | 2025-09-12 | 9.8 Critical |
| Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. | ||||
| CVE-2025-10222 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 3.3 Low |
| Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading diagnostic export files created by the built-in troubleshooting tool. | ||||
| CVE-2025-10227 | 3 Axxonsoft, Linux, Microsoft | 3 Axxon One, Linux, Windows | 2025-09-12 | 4.6 Medium |
| Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. | ||||
| CVE-2025-10213 | 1 Microsoft | 1 Windows | 2025-09-12 | N/A |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-10223 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 5.4 Medium |
| Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration. | ||||