Export limit exceeded: 345449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62557 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-04-20 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62558 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-04-20 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62559 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-04-20 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62560 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-20 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62569 | 1 Microsoft | 7 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 4 more | 2026-04-20 | 7 High |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64661 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-04-20 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64671 | 1 Microsoft | 2 Gihub Copilot Plugin For Jetbrains Ides, Github Copilot | 2026-04-20 | 8.4 High |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-64672 | 1 Microsoft | 1 Sharepoint Server | 2026-04-20 | 8.8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-64678 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-20 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-64679 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-04-20 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64680 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-04-20 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64669 | 1 Microsoft | 1 Windows Admin Center | 2026-04-20 | 7.8 High |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-65046 | 1 Microsoft | 2 Edge, Edge Chromium | 2026-04-20 | 3.1 Low |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2025-65041 | 1 Microsoft | 1 Partner Center | 2026-04-20 | 10 Critical |
| Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-65037 | 1 Microsoft | 1 Azure Container Apps | 2026-04-20 | 10 Critical |
| Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-64676 | 1 Microsoft | 2 Office Purview, Purview | 2026-04-20 | 7.2 High |
| '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-64677 | 1 Microsoft | 2 Office Out-of-box Experience, Office Out Of-box Experience | 2026-04-20 | 8.2 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-64675 | 1 Microsoft | 2 Azure Cosmos Db, Cosmos Db | 2026-04-20 | 8.3 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-61594 | 1 Ruby-lang | 1 Uri | 2026-04-20 | 7.5 High |
| URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4. | ||||
| CVE-2025-14831 | 2 Red Hat, Redhat | 13 Enterprise Linux, Ai Inference Server, Ceph Storage and 10 more | 2026-04-20 | 5.3 Medium |
| A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). | ||||