Filtered by vendor Microsoft
Subscriptions
Total
23035 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55678 | 1 Microsoft | 30 Directx, Windows, Windows 10 and 27 more | 2026-01-07 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55680 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-01-07 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58724 | 1 Microsoft | 6 Arc Enabled Servers Azure Connected Machine Agent, Azure, Azure Agent and 3 more | 2026-01-07 | 7.8 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58726 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-01-07 | 7.5 High |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-58737 | 1 Microsoft | 11 Remote Desktop, Windows, Windows Server and 8 more | 2026-01-07 | 7 High |
| Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59221 | 1 Microsoft | 15 365, 365 Apps, Office and 12 more | 2026-01-07 | 7 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59222 | 1 Microsoft | 15 365, 365 Apps, Office and 12 more | 2026-01-07 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59223 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-01-07 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59225 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2026-01-07 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-55311 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2026-01-07 | 6.5 Medium |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs. | ||||
| CVE-2025-67703 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67704 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67705 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67706 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 5.6 Medium |
| ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files. | ||||
| CVE-2025-67707 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 5.6 Medium |
| ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files. | ||||
| CVE-2025-67708 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67709 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67710 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-67711 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-01-06 | 6.1 Medium |
| There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | ||||
| CVE-2025-68120 | 2 Go, Microsoft | 2 Go, Visual Studio Code | 2026-01-06 | 5.4 Medium |
| To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode. | ||||