Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-49717

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-08 Jul, 2025 | 16:57
Updated At-26 Feb, 2026 | 18:27
Rejected At-
Credits

Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:08 Jul, 2025 | 16:57
Updated At:26 Feb, 2026 | 18:27
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2019 (CU 32)
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.0.0 before 15.0.4435.7 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2019 (GDR)
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.0 before 15.0.2135.5 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2022 (CU 19)
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0.0 before 16.0.4200.1 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2022 (GDR)
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.1140.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:08 Jul, 2025 | 17:15
Updated At:17 Jul, 2025 | 22:00

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>sql_server_2019>>Versions from 15.0.2000.5(inclusive) to 15.0.2135.5(exclusive)
cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>sql_server_2019>>Versions from 15.0.4003.23(inclusive) to 15.0.4435.7(exclusive)
cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>sql_server_2022>>Versions from 16.0.1000.6(inclusive) to 16.0.1140.6(exclusive)
cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>sql_server_2022>>Versions from 16.0.4003.1(inclusive) to 16.0.4200.1(exclusive)
cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*
Weaknesses
CWE IDTypeSource
CWE-122Primarysecure@microsoft.com
CWE ID: CWE-122
Type: Primary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

749Records found
CVE-2022-28181
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.5||HIGH
EPSS-1.14% / 78.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsvirtual_gpulinux_kernelgpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-1019
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-2.69% / 86.02%
||
7 Day CHG-0.10%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-52452
Matching Score-8
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-8
Assigner-Salesforce, Inc.
CVSS Score-8.5||HIGH
EPSS-0.14% / 34.33%
||
7 Day CHG+0.01%
Published-25 Jul, 2025 | 19:00
Updated-31 Oct, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Action-Not Available
Vendor-tableauSalesforceLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowstableau_serverTableau Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-21416
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.29% / 52.66%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-26 Feb, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Virtual Desktop Elevation of Privilege Vulnerability

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_virtual_desktopAzure Virtual Desktop
CWE ID-CWE-862
Missing Authorization
CVE-2023-25925
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-0.39% / 60.34%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 21:53
Updated-13 Dec, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager command injection

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Managersecurity_guardium_key_lifecycle_manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-25921
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-0.09% / 25.05%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 00:36
Updated-13 Dec, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager file upload

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Managersecurity_guardium_key_lifecycle_manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43479
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.60% / 69.68%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power Automate Desktop Remote Code Execution Vulnerability

Microsoft Power Automate Desktop Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-power_automatePower Automate for Desktop
CWE ID-CWE-284
Improper Access Control
CVE-2021-34450
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-2.28% / 84.86%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909
CVE-2021-30480
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.5||HIGH
EPSS-9.10% / 92.74%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 22:03
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationZoom Communications, Inc.
Product-windowschatmacosn/a
CVE-2022-41076
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-34.02% / 97.02%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PowerShell Remote Code Execution Vulnerability

PowerShell Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008powershellWindows Server 2012Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2022Windows 11 version 22H2Windows Server 2016 (Server Core installation)PowerShell 7.2Windows 10 Version 20H2Windows Server 2016Windows 10 Version 21H2PowerShell 7.3Windows 10 Version 21H1Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 21H2Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 7Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CVE-2022-41127
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-2.02% / 83.96%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_business_centraldynamics_navMicrosoft Dynamics 365 Business Central 2020 Release Wave 1Microsoft Dynamics NAV 2018Microsoft Dynamics 365 Business Central 2022 Release Wave 2Microsoft Dynamics 365 Business Central 2020 Release Wave 2Microsoft Dynamics 365 Business Central 2021 Release Wave 1Microsoft Dynamics 365 Business Central 2021 Release Wave 2Microsoft Dynamics NAV 2015Microsoft Dynamics 365 Business Central 2022 Release Wave 1Microsoft Dynamics NAV 2016Microsoft Dynamics NAV 2017Microsoft Dynamics NAV 2013 R2Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)Dynamics 365 Business Central Spring 2019 Update
CVE-2024-25699
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-8.5||HIGH
EPSS-1.59% / 81.86%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 17:56
Updated-13 Feb, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portal for ArcGIS has an invalid authentication vulnerability

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low‑privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationEnvironmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisarcgis_enterprisewindowslinux_kernelPortal for ArcGIS
CWE ID-CWE-287
Improper Authentication
CVE-2022-30163
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.59% / 69.44%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 21:51
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-17095
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.69% / 71.97%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server version 2004Windows 10 Version 1607Windows 10 Version 1809Windows Server, version 1903 (Server Core installation)Windows Server version 20H2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows 10 Version 2004Windows 10 Version 1909Windows 10 Version 1803Windows 10 Version 1903 for x64-based Systems
CVE-2020-1576
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.23% / 45.66%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-23 Feb, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serversharepoint_foundationsharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-17084
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.19% / 40.86%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 6Microsoft Exchange Server 2016 Cumulative Update 17Microsoft Exchange Server 2019 Cumulative Update 7
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-28182
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.5||HIGH
EPSS-1.14% / 78.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpugpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26634
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.43%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:50
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Core Messaging Elevation of Privileges Vulnerability

Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2025windows_server_2019windows_11_23h2windows_server_2016windows_10_21h2windows_server_2022Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2019Windows Server 2022Windows 10 Version 1507Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2015-3113
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-92.50% / 99.74%
||
7 Day CHG~0.00%
Published-23 Jun, 2015 | 21:00
Updated-21 Apr, 2026 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Action-Not Available
Vendor-n/aApple Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.HP Inc.Microsoft CorporationAdobe Inc.
Product-evergreenlinux_enterprise_desktopmac_os_xsystem_management_homepagesystems_insight_managerenterprise_linux_desktopinsight_orchestrationversion_control_repository_managerlinux_kernellinux_enterprise_workstation_extensionvirtual_connect_enterprise_managerversion_control_agententerprise_linux_serverenterprise_linux_workstationwindowsflash_playerenterprise_linux_eusopensusen/aFlash Player
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24995
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2025windows_server_2019windows_11_23h2windows_10_1809windows_server_2016windows_10_21h2windows_server_2022Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-24063
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 72.04%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:59
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_10_1507windows_10_22h2windows_11_23h2windows_11_22h2windows_10_1607windows_server_2019windows_server_2022_23h2windows_server_2025windows_11_24h2windows_server_2008windows_10_1809windows_server_2022windows_10_21h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24050
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.43%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_server_2019windows_server_2022_23h2windows_server_2025windows_11_24h2windows_10_22h2windows_11_22h2windows_10_1809windows_10_21h2windows_server_2022windows_server_2016Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows 10 Version 21H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-24066
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.01%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_server_2022_23h2windows_server_2025windows_11_24h2windows_10_22h2windows_11_22h2windows_10_1507windows_10_21h2windows_server_2016Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-7353
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.02% / 6.39%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 22:35
Updated-30 Apr, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-23317
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-9.1||CRITICAL
EPSS-3.33% / 87.42%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:35
Updated-12 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-28234
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.82% / 74.58%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:29
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Heap Overflow Could Lead to RCE

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a heap-based buffer overflow vulnerability due to insecure handling of a crafted .pdf file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21178
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 58.02%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2017visual_studio_2022visual_studio_2019Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2015 Update 3Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.8
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21305
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 79.32%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21171
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 69.48%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Remote Code Execution Vulnerability

.NET Remote Code Execution Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsvisual_studio_2022linux_kernelpowershellmacos.netPowerShell 7.5.NET 9.0Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21237
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 71.48%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2022windows_server_2025windows_10_1607windows_10_22h2windows_10_21h2windows_server_2016windows_server_2019windows_11_24h2windows_10_1809windows_server_2022_23h2windows_server_2008windows_server_2012windows_11_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21407
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.14%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2008windows_server_2025windows_10_1507windows_10_21h2windows_server_2022windows_10_1809windows_11_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2019windows_10_22h2windows_11_23h2windows_11_24h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21417
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-6.10% / 90.88%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2022_23h2windows_server_2008windows_server_2016windows_server_2019windows_server_2022windows_10_1607windows_10_1809windows_11_22h2windows_10_22h2windows_server_2025windows_11_23h2windows_server_2012windows_10_21h2windows_10_1507Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21411
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-6.10% / 90.88%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2022_23h2windows_server_2008windows_server_2016windows_server_2019windows_server_2022windows_10_1607windows_10_1809windows_11_22h2windows_10_22h2windows_server_2025windows_11_23h2windows_server_2012windows_10_21h2windows_10_1507Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21375
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.84%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21371
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.69%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_10_21h2windows_server_2008windows_server_2022windows_server_2022_23h2windows_11_24h2windows_server_2025windows_10_1809windows_10_22h2windows_server_2016windows_server_2019windows_11_23h2windows_server_2012windows_10_1607windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21369
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.40%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Digest Authentication Remote Code Execution Vulnerability

Microsoft Digest Authentication Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21273
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.23%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21221
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.10% / 78.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21241
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.90% / 75.94%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_11_24h2windows_11_22h2windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21418
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-13.27% / 94.23%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-04||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21378
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.49%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2022_23h2windows_server_2025windows_10_21h2windows_11_23h2windows_server_2019windows_10_1507windows_server_2022windows_10_1607windows_10_22h2windows_11_22h2windows_server_2012windows_10_1809windows_11_24h2Windows Server 2025Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21129
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.74%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:58
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)

Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowssubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21252
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.23%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21123
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.43%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:10
Updated-03 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21303
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 79.32%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21239
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 71.48%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_11_24h2windows_11_22h2windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21333
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-82.28% / 99.24%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-04||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_24h2windows_11_23h2windows_10_22h2windows_server_2022_23h2windows_server_2025Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-41096
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 22.88%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-15 May, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_25h2windows_server_2025windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_11_23h2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2025Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-40363
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-15 May, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office 2019Microsoft Office LTSC 2021Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office 2016Microsoft Office for Android
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-40377
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.56%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-15 May, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_10_1607windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_server_2016windows_11_23h2windows_server_2012Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-122
Heap-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 14
  • 15
  • Next
Details not found