Filtered by vendor Microsoft
Subscriptions
Total
21906 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4044 | 2 Lexmark, Microsoft | 2 Universal Print Driver, Windows | 2025-08-21 | 8.2 High |
| Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. | ||||
| CVE-2025-9074 | 2 Docker, Microsoft | 2 Desktop, Windows | 2025-08-21 | N/A |
| A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop. | ||||
| CVE-2025-6182 | 2 Microsoft, Strongdm | 2 Windows, Sdm-cli | 2025-08-21 | N/A |
| The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones. | ||||
| CVE-2025-6181 | 2 Microsoft, Strongdm | 2 Windows, Sdm-cli | 2025-08-21 | N/A |
| The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation. | ||||
| CVE-2025-24789 | 2 Microsoft, Snowflake | 2 Windows, Snowflake Jdbc | 2025-08-20 | 7.8 High |
| Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0. | ||||
| CVE-2025-33104 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-20 | 4.4 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2021-27081 | 1 Microsoft | 2 Eslint, Visual Studio Code Eslint Extension | 2025-08-20 | 7.8 High |
| Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | ||||
| CVE-2020-1481 | 1 Microsoft | 1 Eslint | 2025-08-20 | 8.8 High |
| A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'. | ||||
| CVE-2021-42287 | 1 Microsoft | 10 Windows Server 2004, Windows Server 2008, Windows Server 2008 R2 and 7 more | 2025-08-20 | 7.5 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2022-41049 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-08-20 | 5.4 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2025-33053 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-20 | 8.8 High |
| External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-5419 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2025-08-20 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-1992 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-20 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | ||||
| CVE-2024-52896 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-08-19 | 6.2 Medium |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | ||||
| CVE-2024-52897 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-08-19 | 6.2 Medium |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | ||||
| CVE-2025-23084 | 2 Microsoft, Nodejs | 2 Windows, Node.js | 2025-08-19 | 5.5 Medium |
| A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API. | ||||
| CVE-2025-7361 | 2 Microsoft, Ni | 2 Windows, Labview | 2025-08-19 | 7.8 High |
| A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected. | ||||
| CVE-2024-38320 | 6 Apple, Hp, Ibm and 3 more | 10 Macos, Hp-ux, Aix and 7 more | 2025-08-18 | 5.9 Medium |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-33142 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-18 | 5.3 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | ||||
| CVE-2025-49716 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-08-18 | 7.5 High |
| Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. | ||||