Total
6098 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26648 | 2025-04-30 | 7.8 High | ||
| Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26640 | 2025-04-30 | 7 High | ||
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29824 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-04-30 | 7.8 High |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29823 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29820 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29792 | 2025-04-30 | 7.3 High | ||
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27750 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27751 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27749 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27748 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27746 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27745 | 2025-04-30 | 7.8 High | ||
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27476 | 2025-04-30 | 7.8 High | ||
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26687 | 2025-04-30 | 7.5 High | ||
| Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-26681 | 2025-04-30 | 6.7 Medium | ||
| Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26663 | 2025-04-30 | 8.1 High | ||
| Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-31197 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-30 | 5.7 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination. | ||||
| CVE-2025-22041 | 1 Linux | 1 Linux Kernel | 2025-04-30 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed through the global session table can be accessed again through ->sessions of connection. | ||||
| CVE-2025-22040 | 1 Linux | 1 Linux Kernel | 2025-04-30 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it. | ||||
| CVE-2023-36041 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-04-29 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||