Search
Search Results (322949 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21182 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 24h2, Windows Server 2025 | 2025-12-17 | 7.4 High |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-21383 | 1 Microsoft | 10 365 Apps, Excel, Excel 2016 and 7 more | 2025-12-17 | 7.8 High |
| Microsoft Excel Information Disclosure Vulnerability | ||||
| CVE-2025-21379 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 24h2, Windows Server 2025 | 2025-12-17 | 7.1 High |
| DHCP Client Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21376 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 8.1 High |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||||
| CVE-2025-21375 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 7.8 High |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2025-21369 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 8.8 High |
| Microsoft Digest Authentication Remote Code Execution Vulnerability | ||||
| CVE-2025-21368 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 8.8 High |
| Microsoft Digest Authentication Remote Code Execution Vulnerability | ||||
| CVE-2025-21352 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-12-17 | 6.5 Medium |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | ||||
| CVE-2025-21351 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-12-17 | 7.5 High |
| Windows Active Directory Domain Services API Denial of Service Vulnerability | ||||
| CVE-2025-21206 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-12-17 | 7.3 High |
| Visual Studio Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-21188 | 1 Microsoft | 2 Azure Network Watcher, Azure Network Watcher Agent | 2025-12-17 | 6 Medium |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-68145 | 2025-12-17 | N/A | ||
| In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue. | ||||
| CVE-2025-24044 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-12-17 | 7.8 High |
| Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24070 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio 2022, Enterprise Linux and 1 more | 2025-12-17 | 7 High |
| Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-24084 | 1 Microsoft | 10 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 7 more | 2025-12-17 | 8.4 High |
| Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-26629 | 1 Microsoft | 3 365 Apps, Office 2024, Office Long Term Servicing Channel | 2025-12-17 | 7.8 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29795 | 1 Microsoft | 2 Edge Update, Edge Update Setup | 2025-12-17 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24053 | 1 Microsoft | 1 Dataverse | 2025-12-17 | 7.2 High |
| Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-26645 | 1 Microsoft | 28 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 25 more | 2025-12-17 | 8.8 High |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-26643 | 1 Microsoft | 1 Edge Chromium | 2025-12-17 | 5.4 Medium |
| The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||