Lucene search
K

21727 matches found

Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•7 views

Windows Agere Modem Driver Elevation of Privilege Vulnerability

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware depende...

7.8CVSS6.9AI score0.02313EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•4 views

Windows Agere Modem Driver Elevation of Privilege Vulnerability

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware depende...

7.8CVSS6.9AI score0.05793EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•8 views

ASP.NET Security Feature Bypass Vulnerability

Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

9.9CVSS6.9AI score0.66258EPSS
Exploits5
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•4 views

.NET Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally...

7.3CVSS6.9AI score0.00564EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•2 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally...

8.4CVSS7AI score0.00325EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•6 views

Windows Device Association Broker Service Elevation of Privilege Vulnerability

Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally...

7CVSS7.1AI score0.00313EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•5 views

Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally...

7.4CVSS7AI score0.01783EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•7 views

Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

7CVSS6.9AI score0.00502EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/14 2:0 p.m.•8 views

Microsoft SharePoint Remote Code Execution Vulnerability

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8CVSS7.3AI score0.01243EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/13 2:0 p.m.•14 views

AMD CVE-2025-0033: RMP Corruption During SNP Initialization

Microsoft is aware of AMD-SB-3020 | CVE-2025-0033 disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging SEV-SNP. It involves a race condition during Reverse Map Table RMP initialization that could...

8.2CVSS6.7AI score0.00194EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/12 1:1 a.m.•3 views

s390/uv: Don't call folio_wait_writeback() without a folio reference

...

5.5CVSS7AI score0.00225EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/12 1:1 a.m.•2 views

media: mediatek: vcodec: Handle invalid decoder vsi

...

5.5CVSS7AI score0.00225EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/12 1:1 a.m.•7 views

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

...

6.9CVSS7AI score0.01415EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/11 8:2 a.m.•4 views

GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds

...

5.5CVSS7AI score0.00184EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/11 8:2 a.m.•7 views

GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds

...

5.5CVSS7AI score0.00184EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/11 8:1 a.m.•3 views

iommu/amd/pgtbl: Fix possible race while increase page table level

...

5.8CVSS7AI score0.00098EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/11 1:3 a.m.•6 views

Elasticsearch Insertion of sensitive information in log file

...

5.7CVSS7AI score0.00225EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/11 1:2 a.m.•7 views

GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds

...

5.5CVSS7AI score0.00199EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/11 1:2 a.m.•3 views

GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow

...

5.5CVSS7AI score0.00215EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/11 1:1 a.m.•4 views

net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE

...

5.5CVSS7AI score0.0021EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/11 1:1 a.m.•3 views

net/mlx5e: SHAMPO, Fix incorrect page release

...

5.5CVSS7AI score0.0022EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/11 1:1 a.m.•4 views

nvmet: always initialize cqe.result

...

5.5CVSS7AI score0.00256EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/11 1:1 a.m.•5 views

bluetooth/l2cap: sync sock recv cb and release

...

5.5CVSS7AI score0.00212EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 2:35 p.m.•9 views

io_uring/tctx: work around xa_store() allocation error issue

...

5.5CVSS7AI score0.00231EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 2:35 p.m.•6 views

f2fs: fix to drop all discards after creating snapshot on lvm device

...

5.5CVSS7AI score0.00212EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 2:35 p.m.•10 views

mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()

...

5.5CVSS7AI score0.00209EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 2:35 p.m.•4 views

net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()

...

5.5CVSS7AI score0.00241EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 2:35 p.m.•6 views

media: mediatek: vcodec: Only free buffer VA that is not NULL

...

5.5CVSS7AI score0.00241EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 8:37 a.m.•6 views

Redis is vulnerable to DoS via specially crafted LUA scripts

...

7.1CVSS7AI score0.01023EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 8:37 a.m.•5 views

Redis: Authenticated users can execute LUA scripts as a different user

...

7.3CVSS7AI score0.00701EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 8:36 a.m.•4 views

Lua library commands may lead to integer overflow and potential RCE

...

8.8CVSS7AI score0.03692EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/10 8:2 a.m.•5 views

wifi: mac80211: increase scan_ies_len for S1G

...

7.8CVSS7AI score0.0014EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 8:2 a.m.•3 views

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().

...

7.8CVSS7AI score0.00141EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 8:2 a.m.•3 views

ZIP64 End of Central Directory (EOCD) Locator record offset not checked

...

4.3CVSS7AI score0.00345EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 1:2 a.m.•6 views

iommu/s390: Make attach succeed when the device was surprise removed

...

7.8CVSS7AI score0.00131EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 1:1 a.m.•6 views

bpf: Call free_htab_elem() after htab_unlock_bucket()

...

5.5CVSS7AI score0.00213EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 1:1 a.m.•3 views

erofs: handle NONHEAD !delta[1] lclusters gracefully

...

5.5CVSS7AI score0.00203EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 1:1 a.m.•5 views

f2fs: fix to account dirty data in __get_secs_required()

...

5.5CVSS7AI score0.00216EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 1:1 a.m.•4 views

KVM: arm64: Don't retire aborted MMIO instruction

...

5.5CVSS7AI score0.00217EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/10 1:1 a.m.•3 views

KVM: arm64: Get rid of userspace_irqchip_in_use

...

5.5CVSS7AI score0.00213EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 11:8 p.m.•12 views

Chromium: CVE-2025-11460 Use after free in Storage

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS6.4AI score0.00283EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/09 11:8 p.m.•7 views

Chromium: CVE-2025-11458 Heap buffer overflow in Sync

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.1CVSS6.4AI score0.0025EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•8 views

Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Copilot allows an unauthorized attacker to disclose information over a network...

9.3CVSS8.8AI score0.00521EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•8 views

Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Copilot allows an unauthorized attacker to perform information disclosure locally...

9.3CVSS8.7AI score0.00517EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•4 views

M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Copilot allows an unauthorized attacker to disclose information over a network...

9.3CVSS8.8AI score0.00521EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•6 views

Azure Monitor Log Analytics Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Monitor allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS6.6AI score0.00404EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•16 views

Azure Entra ID Elevation of Privilege Vulnerability

Azure Entra ID Elevation of Privilege Vulnerability...

9.8CVSS7AI score0.06944EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•5 views

Azure Entra ID Elevation of Privilege Vulnerability

Azure Entra ID Elevation of Privilege Vulnerability...

9.6CVSS7AI score0.00601EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•9 views

Redis Enterprise Elevation of Privilege Vulnerability

...

8.7CVSS7AI score0.006EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/09 2:0 p.m.•8 views

Azure PlayFab Elevation of Privilege Vulnerability

...

9.8CVSS7AI score0.01385EPSS
Exploits0
Total number of security vulnerabilities21727