Search
Search Results (317455 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12921 | 2025-11-10 | 4.3 Medium | ||
| A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xml_file leads to xml injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-49736 | 2 Google, Microsoft | 2 Android, Edge | 2025-11-10 | 4.3 Medium |
| The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49712 | 1 Microsoft | 3 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2010 | 2025-11-10 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-49707 | 1 Microsoft | 24 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 21 more | 2025-11-10 | 7.9 High |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2025-55231 | 1 Microsoft | 9 Server, Windows, Windows Server and 6 more | 2025-11-10 | 7.5 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-55229 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 1507 and 14 more | 2025-11-10 | 5.3 Medium |
| Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49755 | 2 Google, Microsoft | 2 Android, Edge | 2025-11-10 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-53787 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-11-10 | 8.2 High |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||||
| CVE-2025-53774 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-11-10 | 6.5 Medium |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||||
| CVE-2025-53767 | 1 Microsoft | 2 Azure, Azure Openai | 2025-11-10 | 10 Critical |
| Azure OpenAI Elevation of Privilege Vulnerability | ||||
| CVE-2025-53792 | 1 Microsoft | 2 Azure, Azure Portal | 2025-11-10 | 9.1 Critical |
| Azure Portal Elevation of Privilege Vulnerability | ||||
| CVE-2025-48807 | 1 Microsoft | 17 Hyper-v, Server, Windows and 14 more | 2025-11-10 | 6.7 Medium |
| Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2025-53793 | 1 Microsoft | 1 Azure Stack Hub | 2025-11-10 | 7.5 High |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53789 | 1 Microsoft | 17 Server, Windows, Windows 10 1507 and 14 more | 2025-11-10 | 7.8 High |
| Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-11-10 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53784 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2025-11-10 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53783 | 1 Microsoft | 6 Dynamics 365 Guides, Dynamics 365 Remote Assist, Teams and 3 more | 2025-11-10 | 7.5 High |
| Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-53779 | 1 Microsoft | 4 Server, Windows, Windows Server and 1 more | 2025-11-10 | 7.2 High |
| Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53778 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-11-10 | 8.8 High |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-50155 | 1 Microsoft | 19 Server, Windows, Windows 10 1507 and 16 more | 2025-11-10 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||