Search
Search Results (314234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59221 | 2025-10-14 | 7 High | ||
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59223 | 2025-10-14 | 7.8 High | ||
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59226 | 2025-10-14 | 7.8 High | ||
| Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59227 | 2025-10-14 | 7.8 High | ||
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59229 | 2025-10-14 | 5.5 Medium | ||
| Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally. | ||||
| CVE-2025-59231 | 2025-10-14 | 7.8 High | ||
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59233 | 2025-10-14 | 7.8 High | ||
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59234 | 2025-10-14 | 7.8 High | ||
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59235 | 2025-10-14 | 7.1 High | ||
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59237 | 2025-10-14 | 8.8 High | ||
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-59244 | 2025-10-14 | 6.5 Medium | ||
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59248 | 2025-10-14 | 7.5 High | ||
| Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59253 | 2025-10-14 | 5.5 Medium | ||
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59261 | 2025-10-14 | 7 High | ||
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59278 | 2025-10-14 | 7.8 High | ||
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59287 | 2025-10-14 | 9.8 Critical | ||
| Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-59289 | 2025-10-14 | 7 High | ||
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59295 | 2025-10-14 | 8.8 High | ||
| Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-24052 | 2025-10-14 | 7.8 High | ||
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | ||||
| CVE-2025-55240 | 2025-10-14 | 7.3 High | ||
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||