Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Security Vulnerabilities324568
CVE-2025-63666
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.89%
||
7 Day CHG+0.03%
Published-12 Nov, 2025 | 00:00
Updated-18 Nov, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac15ac15_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-61835
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:43
Updated-11 Dec, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Integer Underflow (Wrap or Wraparound) (CWE-191)

Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowssubstance_3d_stagermacosSubstance3D - Stager
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2025-61833
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:43
Updated-11 Dec, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Out-of-bounds Read (CWE-125)

Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowssubstance_3d_stagermacosSubstance3D - Stager
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64531
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:43
Updated-11 Dec, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowssubstance_3d_stagermacosSubstance3D - Stager
CWE ID-CWE-416
Use After Free
CVE-2025-61834
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:43
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowssubstance_3d_stagermacosSubstance3D - Stager
CWE ID-CWE-416
Use After Free
CVE-2025-40827
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2025Siemens Software Center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-40817
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.26%
||
7 Day CHG-0.01%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.

Action-Not Available
Vendor-Siemens AG
Product-LOGO! 24CESIPLUS LOGO! 12/24RCESIPLUS LOGO! 12/24RCEoSIPLUS LOGO! 230RCEoLOGO! 12/24RCEoLOGO! 24RCESIPLUS LOGO! 24RCEoSIPLUS LOGO! 24RCELOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoLOGO! 24CEoLOGO! 230RCESIPLUS LOGO! 230RCESIPLUS LOGO! 24CE
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-40816
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.39%
||
7 Day CHG-0.03%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable.

Action-Not Available
Vendor-Siemens AG
Product-LOGO! 24CESIPLUS LOGO! 12/24RCESIPLUS LOGO! 12/24RCEoSIPLUS LOGO! 230RCEoLOGO! 12/24RCEoLOGO! 24RCESIPLUS LOGO! 24RCEoSIPLUS LOGO! 24RCELOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoLOGO! 24CEoLOGO! 230RCESIPLUS LOGO! 230RCESIPLUS LOGO! 24CE
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-40815
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.06% / 17.71%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

Action-Not Available
Vendor-Siemens AG
Product-LOGO! 24CESIPLUS LOGO! 12/24RCESIPLUS LOGO! 12/24RCEoSIPLUS LOGO! 230RCEoLOGO! 12/24RCEoLOGO! 24RCESIPLUS LOGO! 24RCEoSIPLUS LOGO! 24RCELOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoLOGO! 24CEoLOGO! 230RCESIPLUS LOGO! 230RCESIPLUS LOGO! 24CE
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-40763
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path.

Action-Not Available
Vendor-Siemens AG
Product-Altair Grid Engine
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-40760
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks.

Action-Not Available
Vendor-Siemens AG
Product-Altair Grid Engine
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-40744
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.02% / 5.62%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2025
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-32014
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.6||MEDIUM
EPSS-0.01% / 2.41%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-32011
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.08% / 24.47%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2024-32010
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.54%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-32009
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.47%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-32008
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.19%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-648
Incorrect Use of Privileged APIs
CVE-2025-41116
Assigner-Grafana Labs
ShareView Details
Assigner-Grafana Labs
CVSS Score-2.1||LOW
EPSS-0.05% / 17.07%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:18
Updated-19 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect oauth passthrough in Grafana Databricks Datasource

When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it  could result in  the wrong user identifier being used, and information for which the viewer is not authorized being returned.  This issue affects Grafana Databricks Datasource Plugin: from 1.6.0 before 1.12.0

Action-Not Available
Vendor-Grafana Labs
Product-Grafana Databricks Datasource Plugin
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CVE-2025-3717
Assigner-Grafana Labs
ShareView Details
Assigner-Grafana Labs
CVSS Score-2.1||LOW
EPSS-0.05% / 17.07%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:17
Updated-12 Nov, 2025 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect oauth passthrough in Grafana Snowflake Datasource

When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it  could result in  the wrong user identifier being used, and information for which the viewer is not authorized being returned.  This issue affects Grafana Snowflake Datasource Plugin: from 1.5.0 before 1.14.1.

Action-Not Available
Vendor-Grafana Labs
Product-Grafana Snowflake Datasource Plugin
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CVE-2025-12748
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 19:49
Updated-17 Nov, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libvirt: denial of service in xml parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-61843
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Out-of-bounds Read (CWE-125)

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61839
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Out-of-bounds Read (CWE-125)

Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61845
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Out-of-bounds Read (CWE-125)

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61840
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Out-of-bounds Read (CWE-125)

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61837
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Heap-based Buffer Overflow (CWE-122)

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61838
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Heap-based Buffer Overflow (CWE-122)

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61841
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Out-of-bounds Read (CWE-125)

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61842
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.88%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Use After Free (CWE-416)

Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-416
Use After Free
CVE-2025-61844
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:58
Updated-14 Nov, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format Plugins | Out-of-bounds Read (CWE-125)

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-format_pluginsFormat Plugins
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61830
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.97%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 18:28
Updated-10 Dec, 2025 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Pass | Incorrect Authorization (CWE-863)

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK.

Action-Not Available
Vendor-Adobe Inc.
Product-Adobe Pass
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-30398
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuance PowerScribe 360 Information Disclosure Vulnerability

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Nuance PowerScribe 360 version 4.0.4Nuance PowerScribe 360 version 4.0.3Nuance PowerScribe 360 version 4.0.5Nuance PowerScribe One version 2019.6Nuance PowerScribe One version 2019.3Nuance PowerScribe 360 version 4.0.2Nuance PowerScribe One version 2019.10Nuance PowerScribe One version 2019.9Nuance PowerScribe 360 version 4.0.9Nuance PowerScribe One version 2019.8Nuance PowerScribe One version 2019.2Nuance PowerScribe One version 2019.4Nuance PowerScribe 360 version 4.0.7Nuance PowerScribe One version 2019.1Nuance PowerScribe 360 version 4.0.1Nuance PowerScribe 360 version 4.0.8Nuance PowerScribe One version 2019.7PowerScribe One version 2023.1 SP2 Patch 7Nuance PowerScribe One version 2019.5Nuance PowerScribe 360 version 4.0.6
CWE ID-CWE-862
Missing Authorization
CVE-2025-62453
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-1426
Improper Validation of Generative AI Output
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-60721
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.46%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Administrator Protection Elevation of Privilege Vulnerability

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2Windows 11 Version 24H2Windows 11 Version 25H2
CWE ID-CWE-270
Privilege Context Switching Error
CVE-2025-62449
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-github_copilot_chatMicrosoft Visual Studio Code CoPilot Chat Extension
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-62222
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.11%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-github_copilot_chatMicrosoft Visual Studio Code CoPilot Chat Extension
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-62213
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.07% / 21.64%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2025-62215
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.79% / 73.22%
||
7 Day CHG-0.13%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-12-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Kernel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_1809windows_10_21h2windows_server_2022_23h2windows_11_24h2windows_11_25h2windows_server_2022windows_server_2025windows_server_2019windows_11_23h2Windows 11 Version 24H2Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows 11 Version 25H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-415
Double Free
CVE-2025-62214
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.96%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022Microsoft Visual Studio 2022 version 17.14
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-62211
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.06% / 18.12%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamics 365 Field Service (online) Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Dynamics 365 Field Service (online)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-59499
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.55%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2017sql_server_2022sql_server_2016sql_server_2019Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2022 (CU 21)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-62209
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows License Manager Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_11_22h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_10_21h2windows_server_2022_23h2windows_10_1809windows_10_1507Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 Version 24H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows Server 2016Windows 11 Version 23H2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-62208
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows License Manager Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_11_22h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_10_21h2windows_server_2022_23h2windows_10_1809windows_10_1507Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 Version 24H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows Server 2016Windows 11 Version 23H2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-62205
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.32%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft Office LTSC 2021Microsoft Office LTSC 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2025-62204
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-1.48% / 80.54%
||
7 Day CHG+0.19%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-62203
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.32%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelofficeexceloffice_online_server365_appsMicrosoft Office 2019Microsoft Excel 2016Office Online ServerMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024
CWE ID-CWE-416
Use After Free
CVE-2025-62202
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelofficeexceloffice_online_server365_appsMicrosoft Office 2019Microsoft Office LTSC for Mac 2021Office Online ServerMicrosoft Excel 2016Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Microsoft 365 Apps for Enterprise
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-62201
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.32%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelofficeexceloffice_online_server365_appsMicrosoft Office 2019Microsoft Excel 2016Office Online ServerMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-62200
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.32%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelofficeexceloffice_online_server365_appsMicrosoft Excel 2016Microsoft Office 2019Office Online ServerMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC 2024
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-60724
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.20%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI+ Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_1607windows_server_2016windows_server_2022_23h2windows_10_21h2windows_10_1809office_long_term_servicing_channelwindows_10_22h2windows_11_23h2officewindows_server_2022windows_server_2019windows_server_2008windows_server_2012Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Microsoft Office for AndroidWindows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Microsoft Office LTSC for Mac 2024Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Microsoft Office LTSC for Mac 2021Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-60723
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.03%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Denial of Service Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_server_2022windows_server_2019windows_10_21h2windows_server_2022_23h2windows_10_1809Windows 11 Version 24H2Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows 11 Version 25H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-60720
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-126
Buffer Over-read
  • Previous
  • 1
  • 2
  • ...
  • 131
  • 132
  • 133
  • ...
  • 6491
  • 6492
  • Next