Filtered by vendor Microsoft
Subscriptions
Total
22765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62223 | 1 Microsoft | 1 Edge Chromium | 2025-12-10 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-62459 | 1 Microsoft | 1 365 Defender Portal | 2025-12-10 | 8.3 High |
| Microsoft Defender Portal Spoofing Vulnerability | ||||
| CVE-2025-64655 | 1 Microsoft | 1 Dynamics Omnichannel Sdk Storage Containers | 2025-12-10 | 8.8 High |
| Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53841 | 2 Akamai, Microsoft | 2 Guardicore Platform Agent, Windows | 2025-12-10 | 7.8 High |
| The GC-AGENTS-SERVICE running as part of AkamaiĀ“s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a non-existent location that standard Windows users have default write access to. This allows an unprivileged local user to create a crafted "openssl.cnf" file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process. Since Guardicore Agent runs with SYSTEM privileges, this permits an unprivileged user to fully elevate privileges to SYSTEM level in this manner. | ||||
| CVE-2025-62567 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2025-12-10 | 5.3 Medium |
| Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-62550 | 1 Microsoft | 1 Azure Monitor Agent | 2025-12-10 | 8.8 High |
| Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-62570 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2025-12-10 | 7.1 High |
| Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-62571 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2025-12-10 | 7.8 High |
| Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62572 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2025-12-10 | 7.8 High |
| Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62573 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2025-12-10 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64661 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2025-12-10 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64670 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2025-12-10 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-64673 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2025-12-10 | 7.8 High |
| Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64678 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2025-12-10 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-62461 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2025-12-10 | 7.8 High |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62462 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2025-12-10 | 7.8 High |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62463 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2025-12-10 | 6.5 Medium |
| Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. | ||||
| CVE-2025-62464 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2025-12-10 | 7.8 High |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62465 | 1 Microsoft | 10 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 7 more | 2025-12-10 | 6.5 Medium |
| Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. | ||||
| CVE-2025-62554 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2025-12-10 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||