Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62225 | 2 Microsoft, Sony | 2 Windows, Optical Disc Archive Software | 2025-11-06 | N/A |
| Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-23358 | 2 Microsoft, Nvidia | 2 Windows, App | 2025-11-06 | 8.2 High |
| NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges. | ||||
| CVE-2025-59596 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2025-11-06 | N/A |
| CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash. | ||||
| CVE-2025-64151 | 2 Microsoft, Roboticsware | 5 Windows, Ba-panel6, Fa-panel6 and 2 more | 2025-11-06 | N/A |
| Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-33131 | 3 Ibm, Linux, Microsoft | 6 Aix, Db2 High Performance Unload, Db2 High Performance Unload Load and 3 more | 2025-11-06 | 6.5 Medium |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. | ||||
| CVE-2025-33132 | 3 Ibm, Linux, Microsoft | 6 Aix, Db2 High Performance Unload, Db2 High Performance Unload Load and 3 more | 2025-11-06 | 6.5 Medium |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to. | ||||
| CVE-2025-33133 | 3 Ibm, Linux, Microsoft | 6 Aix, Db2 High Performance Unload, Db2 High Performance Unload Load and 3 more | 2025-11-06 | 6.5 Medium |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an out of bounds write. | ||||
| CVE-2019-15752 | 3 Apache, Docker, Microsoft | 3 Geode, Docker, Windows | 2025-11-06 | 7.8 High |
| Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | ||||
| CVE-2025-41244 | 4 Debian, Linux, Microsoft and 1 more | 10 Debian Linux, Linux Kernel, Windows and 7 more | 2025-11-06 | 7.8 High |
| VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. | ||||
| CVE-2025-33126 | 3 Ibm, Linux, Microsoft | 6 Aix, Db2 High Performance Unload, Db2 High Performance Unload Load and 3 more | 2025-11-05 | 6.5 Medium |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. | ||||
| CVE-2025-23084 | 2 Microsoft, Nodejs | 2 Windows, Node.js | 2025-11-04 | 5.5 Medium |
| A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API. | ||||
| CVE-2024-43394 | 2 Apache, Microsoft | 3 Apache Http Server, Http Server, Windows | 2025-11-04 | 7.5 High |
| Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication. | ||||
| CVE-2023-44336 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-11-04 | 7.8 High |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-24749 | 2 Geoserver, Microsoft | 2 Geoserver, Windows | 2025-11-04 | 7.5 High |
| GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is also deployed as a web archive using the data directory embedded in the `geoserver.war` file (rather than an external data directory), it will likely be possible to read specific resources to gain administrator privileges. However, it is very unlikely that production environments will be using the embedded data directory since, depending on how GeoServer is deployed, it will be erased and re-installed (which would also reset to the default password) either every time the server restarts or every time a new GeoServer WAR is installed and is therefore difficult to maintain. An external data directory will always be used if GeoServer is running in standalone mode (via an installer or a binary). Versions 2.23.5 and 2.24.3 contain a patch for the issue. Some workarounds are available. One may change from a Windows environment to a Linux environment; or change from Apache Tomcat to Jetty application server. One may also disable anonymous access to the embeded GeoWebCache administration and status pages. | ||||
| CVE-2024-32152 | 3 Ankitects, Linux, Microsoft | 3 Anki, Linux Kernel, Windows | 2025-11-04 | 3.1 Low |
| A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability. | ||||
| CVE-2024-25938 | 3 Apple, Foxit, Microsoft | 5 Macos, Pdf Editor, Pdf Reader and 2 more | 2025-11-04 | 8.8 High |
| A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2024-0107 | 2 Microsoft, Nvidia | 8 Windows, Cloud Gaming, Geforce and 5 more | 2025-11-04 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-31880 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-11-04 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | ||||
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2025-11-04 | 5.5 Medium |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | ||||
| CVE-2025-60892 | 2 Microsoft, Raspberrypi | 2 Windows, Imager | 2025-11-04 | 6.8 Medium |
| An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to login to the device. | ||||