ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Total
21964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50159 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-08-28 | 7.3 High |
| Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50158 | 1 Microsoft | 19 Windows, Windows 10 1507, Windows 10 1607 and 16 more | 2025-08-28 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-50156 | 1 Microsoft | 13 Server, Windows, Windows 2008 and 10 more | 2025-08-28 | 5.7 Medium |
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-50154 | 1 Microsoft | 19 Windows, Windows 10 1507, Windows 10 1607 and 16 more | 2025-08-28 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-50153 | 1 Microsoft | 19 Server, Windows, Windows 10 and 16 more | 2025-08-28 | 7.8 High |
| Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49762 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-08-28 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49761 | 1 Microsoft | 21 Server, Windows, Windows 10 1507 and 18 more | 2025-08-28 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49759 | 1 Microsoft | 6 Server, Sql Server, Sql Server 2016 and 3 more | 2025-08-28 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49757 | 1 Microsoft | 14 Server, Windows, Windows 2008 and 11 more | 2025-08-28 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-49743 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-08-28 | 6.7 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25005 | 1 Microsoft | 1 Exchange Server | 2025-08-28 | 6.5 Medium |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | ||||
| CVE-2025-55230 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-08-28 | 7.8 High |
| Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53795 | 1 Microsoft | 1 Pc Manager | 2025-08-28 | 9.1 Critical |
| Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53763 | 1 Microsoft | 1 Azure | 2025-08-28 | 9.8 Critical |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53786 | 1 Microsoft | 2 Exchange, Exchange Server | 2025-08-28 | 8 High |
| On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment. | ||||
| CVE-2025-53781 | 1 Microsoft | 3 Azure, Azure Virtual Machine, Virtual Machine | 2025-08-28 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-53773 | 2 Github, Microsoft | 3 Copilot, Visual Studio, Visual Studio 2022 | 2025-08-28 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53772 | 1 Microsoft | 2 Web Deploy, Web Deploy 4.0 | 2025-08-28 | 8.8 High |
| Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-24999 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-08-28 | 8.8 High |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53761 | 1 Microsoft | 10 365, 365 Apps, Office and 7 more | 2025-08-28 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||