Latest CVE Feed
-
6.2
MEDIUMCVE-2025-29957
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-29958
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-30383
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.4
HIGHCVE-2025-30384
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-30385
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-30386
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-30387
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_ai_document_intelligence_studio- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Path Traversal
-
7.8
HIGHCVE-2025-32705
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32707
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-21264
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-24063
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-26677
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Denial of Service
-
6.7
MEDIUMCVE-2025-26684
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : defender_for_endpoint- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-26685
Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.... Read more
Affected Products : defender_for_identity- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-27468
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authorization
-
6.7
MEDIUMCVE-2025-27488
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_21h1 windows_10_2004 windows_11_24h2 +13 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-29826
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : dataverse- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-29829
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-29830
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-29831
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.... Read more
- Published: May. 13, 2025
- Modified: May. 19, 2025
- Vuln Type: Memory Corruption