Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23136 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-12-31 | 7.8 High |
| A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | ||||
| CVE-2025-47325 | 1 Qualcomm | 89 Csr8811, Csr8811 Firmware, Ipq8070 and 86 more | 2025-12-23 | 6.5 Medium |
| Information disclosure while processing system calls with invalid parameters. | ||||
| CVE-2025-54114 | 1 Microsoft | 16 Windows 10 1607, Windows 10 21h2, Windows 10 21h2 and 13 more | 2025-12-23 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53801 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-12-23 | 7.8 High |
| Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54905 | 1 Microsoft | 14 365 Apps, Office, Office 2019 and 11 more | 2025-12-23 | 7.1 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-47387 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 7.8 High |
| Memory Corruption when processing IOCTLs for JPEG data without verification. | ||||
| CVE-2021-47434 | 1 Linux | 1 Linux Kernel | 2025-12-18 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort are located at [0:3] bits. While aborting a command, we read the CRCR and set the abort bit and write to the CRCR. The read will always give command ring pointer as all zeros. So we essentially write only the control bits. Since we split the 64 bit write into two 32 bit writes, there is a possibility of xHC command ring stopped before the upper dword (all zeros) is written. If that happens, xHC updates the upper dword of its internal command ring pointer with all zeros. Next time, when the command ring is restarted, we see xHC memory access failures. Fix this issue by only writing to the lower dword of CRCR where all control bits are located. | ||||
| CVE-2024-30090 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-17 | 7 High |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-35250 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-17 | 7.8 High |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
| CVE-2025-21381 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2025-12-17 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-21358 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-12-17 | 7.8 High |
| Windows Core Messaging Elevation of Privileges Vulnerability | ||||
| CVE-2025-24084 | 1 Microsoft | 10 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 7 more | 2025-12-17 | 8.4 High |
| Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24083 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2025-12-17 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-4993 | 1 Rti | 1 Connext Professional | 2025-12-16 | 9.1 Critical |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | ||||
| CVE-2025-1255 | 1 Rti | 1 Connext Professional | 2025-12-16 | 9.1 Critical |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | ||||
| CVE-2024-38104 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 8.8 High |
| Windows Fax Service Remote Code Execution Vulnerability | ||||
| CVE-2024-37969 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-20090 | 1 Intel | 2 Quickassist Technology, Quickassist Technology Firmware | 2025-12-05 | 5.5 Medium |
| Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-27710 | 2 Intel, Microsoft | 5 Qat Driver, Qat Driver Firmware, Qat Drivers and 2 more | 2025-11-26 | 6.5 Medium |
| Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an information disclosure. System software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-32446 | 1 Intel | 2 Quickassist Technology, Quickassist Technology Firmware | 2025-11-26 | 6.5 Medium |
| Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||