Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9054 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22035 | 2 Greenshot, Microsoft | 2 Greenshot, Windows | 2026-01-08 | 7.8 High |
| Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311. | ||||
| CVE-2025-4056 | 3 Gnome, Microsoft, Redhat | 3 Glib, Windows, Enterprise Linux | 2026-01-08 | 7.5 High |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | ||||
| CVE-2025-41246 | 2 Microsoft, Vmware | 2 Windows, Tools | 2026-01-07 | 7.6 High |
| VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX. | ||||
| CVE-2025-27713 | 2 Intel, Microsoft | 5 Qat Driver, Qat Driver Firmware, Qat Drivers and 2 more | 2026-01-07 | 7.8 High |
| Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-64785 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-01-07 | 7.8 High |
| Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-55678 | 1 Microsoft | 30 Directx, Windows, Windows 10 and 27 more | 2026-01-07 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55680 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-01-07 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58726 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-01-07 | 7.5 High |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-58737 | 1 Microsoft | 11 Remote Desktop, Windows, Windows Server and 8 more | 2026-01-07 | 7 High |
| Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-11235 | 2 Microsoft, Progress | 2 Windows, Moveit Transfer | 2026-01-07 | 3.7 Low |
| Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. | ||||
| CVE-2025-55311 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-01-07 | 6.5 Medium |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs. | ||||
| CVE-2026-20893 | 2 Fujitsu, Microsoft | 2 Security Solution Authconductor Client Basic V2, Windows | 2026-01-07 | N/A |
| Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value. | ||||
| CVE-2025-67703 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67704 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67705 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67706 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 5.6 Medium |
| ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files. | ||||
| CVE-2025-67707 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 5.6 Medium |
| ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files. | ||||
| CVE-2025-67708 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67709 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67710 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||