Search
Search Results (314568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29504 | 1 Huang-yk | 1 Student-manage | 2025-10-15 | 7.8 High |
| Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. | ||||
| CVE-2025-3398 | 1 Lenve | 1 Vblog | 2025-10-15 | 6.3 Medium |
| A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50173 | 1 Microsoft | 19 Windows, Windows 10 1507, Windows 10 1607 and 16 more | 2025-10-15 | 7.8 High |
| Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49736 | 2 Google, Microsoft | 2 Android, Edge | 2025-10-15 | 4.3 Medium |
| The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49712 | 1 Microsoft | 3 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2010 | 2025-10-15 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-49707 | 1 Microsoft | 24 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 21 more | 2025-10-15 | 7.9 High |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2025-55231 | 1 Microsoft | 9 Server, Windows, Windows Server and 6 more | 2025-10-15 | 7.5 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-55229 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 1507 and 14 more | 2025-10-15 | 5.3 Medium |
| Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49755 | 2 Google, Microsoft | 2 Android, Edge | 2025-10-15 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-53787 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-15 | 8.2 High |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||||
| CVE-2025-53774 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-15 | 6.5 Medium |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||||
| CVE-2025-53767 | 1 Microsoft | 2 Azure, Azure Openai | 2025-10-15 | 10 Critical |
| Azure OpenAI Elevation of Privilege Vulnerability | ||||
| CVE-2025-53792 | 1 Microsoft | 2 Azure, Azure Portal | 2025-10-15 | 9.1 Critical |
| Azure Portal Elevation of Privilege Vulnerability | ||||
| CVE-2025-48807 | 1 Microsoft | 17 Hyper-v, Server, Windows and 14 more | 2025-10-15 | 6.7 Medium |
| Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2025-53793 | 1 Microsoft | 1 Azure Stack Hub | 2025-10-15 | 7.5 High |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53789 | 1 Microsoft | 17 Server, Windows, Windows 10 1507 and 14 more | 2025-10-15 | 7.8 High |
| Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-10-15 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53784 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2025-10-15 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53783 | 1 Microsoft | 6 Dynamics 365 Guides, Dynamics 365 Remote Assist, Teams and 3 more | 2025-10-15 | 7.5 High |
| Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-53779 | 1 Microsoft | 4 Server, Windows, Windows Server and 1 more | 2025-10-15 | 7.2 High |
| Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | ||||