Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49154 | 2 Microsoft, Trendmicro | 6 Windows, Apex One, Apexone Op and 3 more | 2025-10-06 | 8.7 High |
| An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-58135 | 2 Microsoft, Zoom | 9 Windows, Meeting Software Development Kit, Rooms and 6 more | 2025-10-06 | 5.3 Medium |
| Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2025-58134 | 2 Microsoft, Zoom | 9 Windows, Meeting Software Development Kit, Rooms and 6 more | 2025-10-06 | 4.3 Medium |
| Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. | ||||
| CVE-2025-61666 | 2 Microsoft, Traccar | 2 Windows, Traccar | 2025-10-06 | N/A |
| Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file system including the Traccar configuration file. Versions 5.8 - 6.0 are only vulnerable if <entry key='web.override'>./override</entry> is set in the configuration file. Versions 6.1 - 6.8.1 are vulnerable by default as the web override is enabled by default. The vulnerable code is removed in version 6.9.0. | ||||
| CVE-2025-27237 | 2 Microsoft, Zabbix | 5 Windows, Zabbix, Zabbix-agent and 2 more | 2025-10-06 | N/A |
| In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. | ||||
| CVE-2025-23248 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-10-06 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. | ||||
| CVE-2025-23273 | 3 Linux, Microsoft, Nvidia | 6 Linux Kernel, Windows, Cuda Toolkit and 3 more | 2025-10-06 | 2.5 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2025-23275 | 3 Linux, Microsoft, Nvidia | 6 Linux Kernel, Windows, Cuda Toolkit and 3 more | 2025-10-06 | 4.2 Medium |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure. | ||||
| CVE-2025-23346 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-10-06 | 3.3 Low |
| NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service. | ||||
| CVE-2025-27556 | 2 Djangoproject, Microsoft | 2 Django, Windows | 2025-10-03 | 5.8 Medium |
| An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | ||||
| CVE-2025-23247 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-10-03 | 4.4 Medium |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution. | ||||
| CVE-2025-11020 | 3 Linux, Markany, Microsoft | 3 Linux, Safepc Enterprise, Windows | 2025-10-03 | 8.8 High |
| An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*. | ||||
| CVE-2025-53378 | 2 Microsoft, Trendmicro | 3 Windows, Wfbs Saas, Worry-free Business Security Services | 2025-10-03 | 7.6 High |
| A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | ||||
| CVE-2025-34195 | 3 Microsoft, Printerlogic, Vasion | 5 Windows, Vasion Print, Virtual Appliance and 2 more | 2025-10-02 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installation component launches programs using an unquoted path under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, the operating system may execute a program located at a short-path location such as C:\Program.exe before the intended binaries in the quoted path. If an attacker can place or cause a program to exist at that location, it will be executed with the privileges of the installer process (which may be elevated), enabling arbitrary code execution and potential privilege escalation. This weakness can be used to achieve remote code execution and full compromise of affected Windows endpoints. This vulnerability has been identified by the vendor as: V-2022-006 — Driver Upload Security. | ||||
| CVE-2025-11178 | 2 Acronis, Microsoft | 2 True Image, Windows | 2025-10-02 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386. | ||||
| CVE-2025-23297 | 2 Microsoft, Nvidia | 2 Windows, App | 2025-10-02 | 7.8 High |
| NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2025-41421 | 2 Microsoft, Teamviewer | 6 Windows, Full Client, Host and 3 more | 2025-10-02 | 4.7 Medium |
| Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information. | ||||
| CVE-2025-59050 | 3 Getgreenshot, Greenshot, Microsoft | 3 Greenshot, Greenshot, Windows | 2025-10-02 | 8.4 High |
| Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigger arbitrary code execution inside the Greenshot process. The vulnerable logic resides in a WinForms WndProc handler for WM_COPYDATA (message 74) that copies the supplied bytes into a MemoryStream and invokes BinaryFormatter.Deserialize, and only afterward checks whether the specified channel is authorized. Because the authorization check occurs after deserialization, any gadget chain embedded in the serialized payload executes regardless of channel membership. A local attacker who can send WM_COPYDATA to the Greenshot main window can achieve in-process code execution, which may aid evasion of application control policies by running payloads within the trusted, signed Greenshot.exe process. This issue is fixed in version 1.3.301. No known workarounds exist. | ||||
| CVE-2025-49734 | 1 Microsoft | 17 Powershell, Windows, Windows 10 and 14 more | 2025-10-02 | 7 High |
| Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53805 | 1 Microsoft | 10 Internet Information Services, Windows, Windows 11 and 7 more | 2025-10-02 | 7.5 High |
| Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. | ||||