Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
10240 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5097 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2025-06-17 | 7 High |
| Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7. | ||||
| CVE-2023-31036 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-06-17 | 7.5 High |
| NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-20715 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-06-17 | 5.5 Medium |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20714 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-06-17 | 5.5 Medium |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20713 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-06-17 | 5.5 Medium |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20712 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-06-17 | 5.5 Medium |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20711 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-06-17 | 5.5 Medium |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20710 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-06-17 | 5.5 Medium |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-26362 | 3 Enpass, Linux, Microsoft | 4 Desktop Application, Password Manager, Linux Kernel and 1 more | 2025-06-17 | 8.8 High |
| HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | ||||
| CVE-2025-4178 | 2 Microsoft, Xiaowei1118 | 2 Windows, Java Server | 2025-06-17 | 5.4 Medium |
| A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-30321 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | 5.5 Medium |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47104 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | 5.5 Medium |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47105 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | 5.5 Medium |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47106 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | 5.5 Medium |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-38738 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-06-16 | 6.8 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | ||||
| CVE-2023-51751 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2025-06-16 | 7.3 High |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | ||||
| CVE-2023-45248 | 2 Acronis, Microsoft | 2 Agent, Windows | 2025-06-16 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391. | ||||
| CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-06-16 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | ||||
| CVE-2021-25736 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2025-06-12 | 5.8 Medium |
| Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | ||||
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-06-12 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | ||||