Filtered by vendor Microsoft
Subscriptions
Total
22829 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13433 | 2 Microsoft, Muse | 2 Windows, Musehub | 2025-11-24 | 7 High |
| A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2014-0546 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2025-11-22 | 8.8 High |
| Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors. | ||||
| CVE-2011-2462 | 5 Adobe, Apple, Microsoft and 2 more | 6 Acrobat, Acrobat Reader, Mac Os X and 3 more | 2025-11-22 | 8.8 High |
| Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. | ||||
| CVE-2025-12905 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-21 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-59251 | 1 Microsoft | 1 Edge Chromium | 2025-11-21 | 7.6 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-55322 | 1 Microsoft | 1 Omniparser | 2025-11-21 | 7.3 High |
| Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-54914 | 1 Microsoft | 2 Azure, Azure Networking | 2025-11-21 | 10 Critical |
| Azure Networking Elevation of Privilege Vulnerability | ||||
| CVE-2025-53804 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-11-21 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53803 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-11-21 | 5.5 Medium |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-47997 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-11-21 | 6.5 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-49728 | 1 Microsoft | 1 Pc Manager | 2025-11-21 | 4 Medium |
| Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-47967 | 2 Google, Microsoft | 3 Android, Edge, Edge Chromium | 2025-11-21 | 4.7 Medium |
| Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-55226 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-11-21 | 6.7 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54906 | 1 Microsoft | 12 365 Apps, Office, Office 2016 and 9 more | 2025-11-21 | 7.8 High |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54897 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2025-11-21 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2014-0496 | 3 Adobe, Apple, Microsoft | 3 Acrobat, Mac Os X, Windows | 2025-11-21 | 8.8 High |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2017-20201 | 2 Microsoft, Piriform | 2 Windows, Ccleaner | 2025-11-21 | N/A |
| CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at runtime, and transfers execution to an in-memory payload. The payload performs anti-analysis checks, gathers host telemetry, encodes the data with a two-stage obfuscation, and attempts HTTPS exfiltration to hard-coded C2 servers or month-based DGA domains. Potential impacts include remote data collection and exfiltration, stealthy in-memory execution and persistence, and potential lateral movement. CCleaner was developed by Piriform, which was acquired by Avast in July 2017; Avast later merged with NortonLifeLock to form the parent company now known as Gen Digital. According to vendor advisories, the compromised CCleaner build was released on August 15, 2017 and remediated on September 12, 2017 with v5.34; the compromised CCleaner Cloud build was released on August 24, 2017 and remediated on September 15, 2017 with v1.07.3214. | ||||
| CVE-2025-4056 | 3 Gnome, Microsoft, Redhat | 3 Glib, Windows, Enterprise Linux | 2025-11-21 | 3.7 Low |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | ||||
| CVE-2025-50165 | 1 Microsoft | 6 Server, Windows, Windows 11 24h2 and 3 more | 2025-11-21 | 9.8 Critical |
| Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2013-10047 | 3 Microsoft, Miniweb2, Miniweb Http Server Project | 3 Windows, Miniweb, Miniweb Http Server | 2025-11-20 | N/A |
| An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista. | ||||