Search
Search Results (310219 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54918 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-16 | 8.8 High |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-54916 | 2025-09-16 | 7.8 High | ||
| Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54913 | 2025-09-16 | 7.8 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54908 | 1 Microsoft | 7 365 Apps, Apps, Office and 4 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54907 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2025-09-16 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54906 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-09-16 | 7.8 High |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54905 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-09-16 | 7.1 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-54904 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54903 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54902 | 1 Microsoft | 11 365, 365 Apps, Excel and 8 more | 2025-09-16 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54899 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2025-09-16 | 7.8 High |
| Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54898 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2025-09-16 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54897 | 1 Microsoft | 1 Sharepoint Server | 2025-09-16 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-54896 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2025-09-16 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54895 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-16 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54894 | 2025-09-16 | 7.8 High | ||
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-54111 | 2025-09-16 | 7.8 High | ||
| Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54110 | 2025-09-16 | 8.8 High | ||
| Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54106 | 2025-09-16 | 8.8 High | ||
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-54102 | 2025-09-16 | 7.8 High | ||
| Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||