CVE-2025-29831

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network...

CVE-2025-32705

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally...

CVE-2025-32704

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2025-30388

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...

CVE-2025-30378

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally...

CVE-2025-29962

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network...

CVE-2025-29840

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network...

CVE-2025-29967

Technical details about CVE-2025-29967 are not provided in the connected documents. Public details in the initial description exist, but no accompanying technical specifics (affected versions, root cause, exploit info, or remediation) are available here. Monitor for updates.

Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Scripting Engine Memory Corruption Vulnerability

Access of resource using incompatible type 'type confusion' in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network...

Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally...

PT-2025-20999 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel affected versions not specified Description: The issue is related to a use after free condition in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This poses a threat to data and...

PT-2025-20979 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel affected versions not specified Description: The issue is related to a use-after-free flaw in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This can enable remote attackers to execut...

PT-2025-21004 · Microsoft · Visual Studio

Name of the Vulnerable Software and Affected Versions: Visual Studio versions prior to 17.13.3 Description: The issue is related to improper neutralization of special elements used in a command, allowing an unauthorized attacker to execute code locally. This is a command injection vulnerability i...

PT-2025-20992 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft Office SharePoint affected versions not specified Description: The issue concerns the deserialization of untrusted data in Microsoft Office SharePoint, allowing an unauthorized attacker to execute code locally. This enables remote...

PT-2025-21001

Name of the Vulnerable Software and Affected Versions Microsoft Scripting Engine affected versions not specified Description The issue is related to a type confusion vulnerability in the Microsoft Scripting Engine, which allows an unauthorized attacker to execute code over a network. This can be...

CVE-2025-30397

Access of resource using incompatible type ‘type confusion’ in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

KB5058387: Windows 10 LTS 1507 Security Update (May 2025)

The remote Windows host is missing security update 5058387. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. CVE-2025-29967 - Use of uninitialized resource in Windo...

CVE-2025-33074

Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network...

Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08610)

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method, UnlockGateway, which can be exploited by an attacker to bypass authorization controls an...