Filtered by vendor Microsoft
Total
22195 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-53760 | 1 Microsoft | 3 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2019 | 2025-09-17 | 7.1 High |
Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2025-53759 | 1 Microsoft | 11 365, 365 Apps, Excel and 8 more | 2025-09-17 | 7.8 High |
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-53741 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-09-17 | 7.8 High |
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-53730 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2025-09-17 | 7.8 High |
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-33051 | 1 Microsoft | 1 Exchange Server | 2025-09-17 | 7.5 High |
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | ||||
CVE-2025-53729 | 1 Microsoft | 1 Azure File Sync | 2025-09-17 | 7.8 High |
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-53727 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2025-09-17 | 8.8 High |
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2025-49758 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2025-09-17 | 8.8 High |
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2025-49745 | 1 Microsoft | 1 Dynamics 365 | 2025-09-17 | 5.4 Medium |
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | ||||
CVE-2025-49751 | 1 Microsoft | 19 Hyper-v, Server, Windows and 16 more | 2025-09-17 | 6.8 Medium |
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||||
CVE-2024-0098 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | 5.5 Medium |
NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure. | ||||
CVE-2025-57625 | 1 Microsoft | 1 Windows | 2025-09-17 | 8.8 High |
CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotliteAgent.exe or any other binaries called by the Cyrisma_Agent service when it starts. | ||||
CVE-2024-0097 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | 7.5 High |
NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | ||||
CVE-2024-0096 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | 7.5 High |
NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | ||||
CVE-2025-9818 | 2 Microsoft, Omron | 2 Windows, Poweract Pro Master Agent | 2025-09-17 | 6.7 Medium |
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces. | ||||
CVE-2025-59307 | 2 Century, Microsoft | 2 Raid Manager, Windows | 2025-09-17 | N/A |
RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
CVE-2025-30075 | 2 Microsoft, Mindmanager | 2 Windows, Mindmanager | 2025-09-17 | 2.2 Low |
In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL search paths. | ||||
CVE-2025-10491 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2025-09-17 | 7.8 High |
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories, allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.21 and MongoDB Server v8.0 versions prior to 8.0.5. | ||||
CVE-2025-3025 | 2 Gen Digital, Microsoft | 2 Ccleaner, Windows | 2025-09-17 | 7.3 High |
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner before 6.36.11508. | ||||
CVE-2025-33053 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-16 | 8.8 High |
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. |