Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:CERT C++ Secure Coding Section 08 - Memory Management (MEM)
Category ID:876
Vulnerability Mapping:Prohibited
Status:Incomplete
DetailsContent HistoryObserved CVE ExamplesReports
40199Vulnerabilities found
CVE-2025-53718
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1507windows_server_2019windows_server_2025windows_server_2008windows_10_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-53716
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2019windows_server_2025windows_10_22h2windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2022Windows 10 Version 22H2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2019Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53154
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1507windows_server_2019windows_server_2025windows_server_2008windows_10_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53152
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop Windows Manager Remote Code Execution Vulnerability

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2019windows_server_2008windows_10_22h2windows_server_2016windows_server_2012windows_10_1607windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-53151
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2019windows_server_2025windows_10_22h2windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2022Windows 10 Version 22H2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2019Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2
CWE ID-CWE-416
Use After Free
CVE-2025-53147
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1507windows_server_2019windows_server_2025windows_server_2008windows_10_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-53142
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2025windows_server_2022_23h2windows_11_22h2windows_11_23h2Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 11 Version 23H2
CWE ID-CWE-416
Use After Free
CVE-2025-53141
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1507windows_server_2019windows_server_2025windows_server_2008windows_10_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53140
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Transaction Manager Elevation of Privilege Vulnerability

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1507windows_server_2019windows_server_2025windows_server_2008windows_10_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-53137
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_10_22h2windows_server_2008windows_server_2019windows_10_1507windows_server_2022windows_server_2022_23h2windows_10_1809windows_10_21h2windows_server_2016windows_server_2025windows_11_24h2windows_11_22h2windows_server_2012Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-53133
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_24h2Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2025-53132
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_10_22h2windows_server_2008windows_server_2019windows_10_1507windows_server_2022windows_server_2022_23h2windows_10_1809windows_10_21h2windows_server_2016windows_server_2025windows_11_24h2windows_11_22h2windows_server_2012Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-50177
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.11% / 30.11%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_10_22h2windows_server_2008windows_server_2019windows_10_1507windows_server_2022windows_server_2022_23h2windows_10_1809windows_10_21h2windows_server_2016windows_server_2025windows_11_24h2windows_11_22h2windows_server_2012Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-50172
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.94% / 82.67%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Denial of Service Vulnerability

Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_10_22h2windows_server_2019windows_server_2022windows_server_2022_23h2windows_10_1809windows_10_21h2windows_server_2025windows_11_24h2windows_11_22h2Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2022Windows 10 Version 22H2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2019Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-50169
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_24h2Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-415
Double Free
CVE-2025-50167
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 11.24%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2019windows_10_1507windows_server_2022_23h2windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_server_2025windows_11_24h2windows_10_1607windows_11_22h2Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2022Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-50166
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.80%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2008windows_server_2019windows_10_1507windows_server_2022_23h2windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_server_2025windows_11_24h2windows_10_1607windows_11_22h2Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-50165
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.86%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_24h2Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-50159
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 18.37%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2019windows_10_1507windows_server_2022_23h2windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_server_2025windows_11_24h2windows_10_1607windows_11_22h2Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2022Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-50153
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop Windows Manager Elevation of Privilege Vulnerability

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2008windows_server_2019windows_10_1507windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_10_1607windows_11_22h2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-49761
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_10_22h2windows_server_2008windows_server_2019windows_10_1507windows_server_2022windows_server_2022_23h2windows_10_1809windows_10_21h2windows_server_2016windows_server_2025windows_11_24h2windows_11_22h2windows_server_2012Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-49743
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.53%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2008windows_server_2019windows_10_1507windows_server_2022_23h2windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_server_2025windows_11_24h2windows_10_1607windows_11_22h2Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2012Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-25005
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.13%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Tampering Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-20
Improper Input Validation
CVE-2025-53761
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.46%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PowerPoint Remote Code Execution Vulnerability

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelpowerpointofficeMicrosoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft PowerPoint 2016Microsoft Office LTSC 2024Microsoft Office 2019
CWE ID-CWE-416
Use After Free
CVE-2025-53730
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.46%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Visio Remote Code Execution Vulnerability

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelofficeMicrosoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2025-49568
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:01
Updated-14 Aug, 2025 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Use After Free (CWE-416)

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macosillustratorwindowsIllustrator
CWE ID-CWE-416
Use After Free
CVE-2025-49567
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:01
Updated-14 Aug, 2025 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | NULL Pointer Dereference (CWE-476)

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macosillustratorwindowsIllustrator
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-32004
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-1.8||LOW
EPSS-0.02% / 3.18%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-15 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) SGX SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2025-27537
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.55%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/a
Product-Edge Orchestrator software
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24515
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.80%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics Drivers
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-24511
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-2||LOW
EPSS-0.01% / 1.48%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.

Action-Not Available
Vendor-n/a
Product-Intel(R) I350 Series Ethernet
CWE ID-CWE-665
Improper Initialization
CVE-2025-24486
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.92%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 700 Series Ethernet
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24484
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.92%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 800 Series Ethernet
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24325
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.02% / 3.92%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 800 Series Ethernet
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24324
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-2||LOW
EPSS-0.01% / 1.63%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 800 Series Ethernet
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-24303
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.84%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 800 Series Ethernet
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-24296
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 2.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access.

Action-Not Available
Vendor-n/a
Product-firmware for the Intel(R) E810 Ethernet
CWE ID-CWE-20
Improper Input Validation
CVE-2025-23241
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.80%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 800 Series Ethernet
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-22836
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.84%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 800 Series Ethernet
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21096
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-2||LOW
EPSS-0.01% / 1.97%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) TDX
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-21086
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege.

Action-Not Available
Vendor-n/a
Product-Intel(R) 700 Series Ethernet
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20625
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.22%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/a
Product-Intel(R) PROSet/Wireless WiFi Software for Windows
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-20093
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.6||HIGH
EPSS-0.01% / 1.50%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) 800 Series Ethernet
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-20090
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.80%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) QuickAssist Technology software
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-20053
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7||HIGH
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Xeon(R) Processor firmware with SGX enabled
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-38805
Assigner-TianoCore.org
ShareView Details
Assigner-TianoCore.org
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.96%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 14:13
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iSCSI Remote Memory Corruption and Denial of Service

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

Action-Not Available
Vendor-TianoCore
Product-EDK2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-22834
Assigner-AMI
ShareView Details
Assigner-AMI
CVSS Score-4.2||MEDIUM
EPSS-0.01% / 2.04%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 14:02
Updated-12 Aug, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThirdPartyVideo SetVariable Vulnerability

AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability.

Action-Not Available
Vendor-AMI
Product-AptioV
CWE ID-CWE-665
Improper Initialization
CVE-2025-40746
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.4||CRITICAL
EPSS-0.27% / 50.25%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-20 Aug, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rtls_locating_managerSIMATIC RTLS Locating Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2025-40570
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-2.4||LOW
EPSS-0.01% / 1.23%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-12 Aug, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7VU85 (CP300)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-52504
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.11% / 29.51%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 4 Compact 7RW80SIPROTEC 4 Compact 7SD80SIPROTEC 4 7VU683SIPROTEC 4 7SA522SIPROTEC 4 6MD63SIPROTEC 4 7SD610SIPROTEC 4 7SA6SIPROTEC 4 7UT612SIPROTEC 4 7UT613SIPROTEC 4 Compact 7SJ80SIPROTEC 4 6MD66SIPROTEC 4 7VK61SIPROTEC 4 Compact 7SK80SIPROTEC 4 6MD61SIPROTEC 4 Compact 7SK81SIPROTEC 4 7ST6SIPROTEC 4 7VE6SIPROTEC 4 7SJ66SIPROTEC 4 6MD665SIPROTEC 4 7SD5SIPROTEC 4 7UT63SIPROTEC 4 7SJ61SIPROTEC 4 7SJ62SIPROTEC 4 7SS52SIPROTEC 4 7SJ63SIPROTEC 4 7UM61SIPROTEC 4 7UM62SIPROTEC 4 Compact 7SJ81SIPROTEC 4 7SJ64
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-43736
Assigner-Liferay, Inc.
ShareView Details
Assigner-Liferay, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:01
Updated-12 Aug, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload more than 300kb profile picture into the user profile. This size more than the noted max 300kb size. This extra amount of data can make Liferay slower.

Action-Not Available
Vendor-Liferay Inc.
Product-DXPPortal
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 803
  • 804
  • Next