Office Developer Platform Security Feature Bypass Vulnerability
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally...
Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Use after free in Windows KDC Proxy Service KPSSVC allows an unauthorized attacker to execute code over a network...
Windows Notification Elevation of Privilege Vulnerability
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally...
Windows StateRepository API Server file Tampering Vulnerability
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally...
Microsoft SQL Server Information Disclosure Vulnerability
Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network...
GitHub: CVE-2025-48384 Git Symlink Vulnerability
CVE-2025-48384 concerns a vulnerability in Git: when reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a...
GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability
CVE-2025-46334 concerns a vulnerability in Git GUI (Windows only) where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects...
GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
CVE-2025-27614 concerns a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created th...
Microsoft SQL Server Remote Code Execution Vulnerability
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Office Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally...
Microsoft Brokering File System Elevation of Privilege Vulnerability
Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Integer overflow or wraparound in Virtual Hard Disk VHDX allows an unauthorized attacker to elevate privileges locally...
Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
Out-of-bounds read in Microsoft Input Method Editor IME allows an authorized attacker to elevate privileges locally...
Windows TCP/IP Driver Elevation of Privilege Vulnerability
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to disclose information over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally...
Universal Print Management Service Elevation of Privilege Vulnerability
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally...
Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Input Method Editor IME allows an authorized attacker to elevate privileges over a network...
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally...
Azure Service Fabric Runtime Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Service Fabric allows an authorized attacker to elevate privileges locally...
Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
Protection mechanism failure in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...
AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue
The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...
AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue
The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
Chromium: CVE-2025-6554 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild...
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
No CWE for this issue in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
Chromium: CVE-2025-6557 Insufficient data validation in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-6555 Use after free in Animation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
No CWE for this issue in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Improper input validation in Microsoft Edge Chromium-based allows an authorized attacker to bypass a security feature locally...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
Vulnerability in the MySQL Server product of Oracle MySQL
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL
...
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB)
...
Vulnerability in the MySQL Server product of Oracle MySQL
...
Vulnerability in the MySQL Server product of Oracle MySQL
...
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
...