CVE-2025-7254

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the update...

Security Updates for Microsoft SharePoint Server 2019

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to...

CVE-2025-49670

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

CVE-2025-49753

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

CVE-2025-49657

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

CVE-2025-49735

Use after free in Windows KDC Proxy Service KPSSVC allows an unauthorized attacker to execute code over a network...

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

CVE-2025-49691

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network...

CVE-2025-49729

Technical details about CVE-2025-49729 are not provided in the connected documents. The initial description notes a heap-based buffer overflow in RRAS that could enable remote code execution, but no affected product/version specifics or mitigations are included.

CVE-2025-49714

CVE-2025-49714 involves the Visual Studio Code Python Extension. The connected sources describe a trust boundary violation that can let an unauthorized attacker execute code locally, effectively a remote code execution scenario through the Python extension. The vulnerability is tied to Visual Stu...

CVE-2025-49700

CVE-2025-49700 is a Microsoft Word remote code execution vulnerability caused by a use-after-free in Word. Affected product: Microsoft Word (Office). Impact: local code execution with_high_ impact as per Microsoft’s CVSS (AV:L, AC:L, PR:N, UI:R, C:H/I:H/A:H). Remediation: Microsoft has released s...

CVE-2025-49697

CVE-2025-49697 is a Microsoft Office remote code execution vulnerability. The issue is described as a heap-based buffer overflow in Office that allows an attacker with local access to run arbitrary code on a vulnerable system, with no user interaction required (local access, no UI). Publicly avai...

Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

Use after free in Windows KDC Proxy Service KPSSVC allows an unauthorized attacker to execute code over a network...

PT-2025-28596

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to a use after free condition in Microsoft Office, which enables an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...

PT-2025-28567 · Microsoft · Windows Routing/Remote Access Service +1

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service RRAS affected versions not specified Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

PT-2025-28561 · Microsoft · Windows Routing/Remote Access Service +1

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service RRAS affected versions not specified Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...