ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Total
21964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53760 | 1 Microsoft | 3 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2019 | 2025-08-28 | 7.1 High |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53759 | 1 Microsoft | 11 365, 365 Apps, Excel and 8 more | 2025-08-28 | 7.8 High |
| Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53741 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-08-28 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53730 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2025-08-28 | 7.8 High |
| Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53729 | 1 Microsoft | 1 Azure File Sync | 2025-08-28 | 7.8 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53727 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2025-08-28 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49758 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2025-08-28 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49745 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49751 | 1 Microsoft | 19 Hyper-v, Server, Windows and 16 more | 2025-08-28 | 6.8 Medium |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||||
| CVE-2025-8901 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-28 | 8.8 High |
| Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-8879 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-28 | 8.8 High |
| Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) | ||||
| CVE-2025-8011 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-28 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-8010 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-28 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-25045 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-08-28 | 4.3 Medium |
| IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | ||||
| CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-28 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-1992 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-28 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | ||||
| CVE-2024-30040 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-08-28 | 8.8 High |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
| CVE-2023-41234 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | 5 Medium |
| NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-42773 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | 8.8 High |
| Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-45217 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | 8.8 High |
| Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||