Search

Search Results (314434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-43313 2025-10-15 5.5 Medium
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.
CVE-2025-43282 2025-10-15 5.5 Medium
A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
CVE-2025-11021 1 Redhat 1 Enterprise Linux 2025-10-15 7.5 High
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-59227 2025-10-15 7.8 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-58724 2025-10-15 7.8 High
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-47989 2025-10-15 7 High
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59228 2025-10-15 8.8 High
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59223 2025-10-15 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-55315 2025-10-15 9.9 Critical
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-59214 2025-10-15 6.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59286 1 Microsoft 3 365, 365 Copilot, 365 Copilot Chat 2025-10-15 6.5 Medium
Copilot Spoofing Vulnerability
CVE-2025-55321 1 Microsoft 1 Azure Monitor 2025-10-15 8.7 High
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.
CVE-2025-59272 1 Microsoft 3 365, 365 Copilot, 365 Copilot Chat 2025-10-15 6.5 Medium
Copilot Spoofing Vulnerability
CVE-2025-59271 2025-10-15 8.7 High
Redis Enterprise Elevation of Privilege Vulnerability
CVE-2025-59252 1 Microsoft 2 365, 365 Copilot 2025-10-15 6.5 Medium
M365 Copilot Spoofing Vulnerability
CVE-2025-59247 1 Microsoft 2 Azure, Azure Playfab 2025-10-15 8.8 High
Azure PlayFab Elevation of Privilege Vulnerability
CVE-2025-59246 1 Microsoft 1 Entra Id 2025-10-15 9.8 Critical
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59218 1 Microsoft 1 Entra Id 2025-10-15 9.6 Critical
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59497 2025-10-15 7 High
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
CVE-2025-59289 2025-10-15 7 High
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.