Filtered by vendor Microsoft
Subscriptions
Total
22113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40979 | 2 Grandstream, Microsoft | 3 Wave, Windows, Windows 11 | 2025-09-12 | N/A |
| DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions. | ||||
| CVE-2025-10220 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 9.8 Critical |
| Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others. | ||||
| CVE-2025-10226 | 3 Axxonsoft, Linux, Microsoft | 3 Axxon One, Linux, Windows | 2025-09-12 | 9.8 Critical |
| Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. | ||||
| CVE-2025-10222 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 3.3 Low |
| Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading diagnostic export files created by the built-in troubleshooting tool. | ||||
| CVE-2025-10227 | 3 Axxonsoft, Linux, Microsoft | 3 Axxon One, Linux, Windows | 2025-09-12 | 4.6 Medium |
| Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. | ||||
| CVE-2025-10213 | 1 Microsoft | 1 Windows | 2025-09-12 | N/A |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-10223 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-09-12 | 5.4 Medium |
| Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration. | ||||
| CVE-2025-10231 | 2 Microsoft, N-able | 2 Windows, N-central | 2025-09-11 | 7 High |
| An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. | ||||
| CVE-2025-10221 | 1 Microsoft | 1 Windows | 2025-09-11 | 5.5 Medium |
| Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | ||||
| CVE-2025-10215 | 1 Microsoft | 1 Windows | 2025-09-11 | N/A |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-10214 | 1 Microsoft | 1 Windows | 2025-09-11 | N/A |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-29954 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-09-10 | 5.9 Medium |
| Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-26684 | 1 Microsoft | 1 Defender For Endpoint | 2025-09-10 | 6.7 Medium |
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47161 | 1 Microsoft | 1 Defender For Endpoint | 2025-09-10 | 7.8 High |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21264 | 1 Microsoft | 1 Visual Studio Code | 2025-09-10 | 7.1 High |
| Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-30394 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-09-10 | 5.9 Medium |
| Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-30376 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-10 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-30381 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-10 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24063 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-10 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2025-09-10 | 8.7 High |
| Microsoft Dataverse Remote Code Execution Vulnerability | ||||