CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-32037 Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Network adversary with a privileged user combined with a high ... | 2.0 | LOW | — | 0 |
| CVE-2025-32038 Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Un... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-32091 Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged us... | 8.2 | HIGH | — | 0 |
| CVE-2025-61865 Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive ma... | N/A | NONE | — | 0 |
| CVE-2025-32449 Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-33029 Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with ... | 7.4 | HIGH | — | 0 |
| CVE-2025-33178 NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vul... | 7.8 | HIGH | — | 0 |
| CVE-2025-33185 NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successful exploit of this vulnerability may lead to information disclosure. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-33186 NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering. | 8.8 | HIGH | — | 0 |
| CVE-2025-35963 Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged softwar... | 7.4 | HIGH | — | 0 |
| CVE-2025-35967 Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with a... | 7.4 | HIGH | — | 0 |
| CVE-2025-35968 Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a hi... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-26044 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-35971 Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with ... | 8.2 | HIGH | — | 0 |
| CVE-2025-35972 Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated u... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-61814 InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... | 7.8 | HIGH | — | 0 |
| CVE-2025-61815 InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... | 7.8 | HIGH | — | 0 |
| CVE-2025-61816 InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th... | 7.8 | HIGH | — | 0 |
| CVE-2025-61817 InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req... | 7.8 | HIGH | — | 0 |
| CVE-2025-68286 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing [WHAT] IGT kms_cursor_legacy's long-nonblocking-modeset-vs-cursor-atomic fails with N... | N/A | NONE | — | 0 |
| CVE-2025-61818 InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req... | 7.8 | HIGH | — | 0 |
| CVE-2025-61824 InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | — | 0 |
| CVE-2025-61832 InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | — | 0 |
| CVE-2025-47179 Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-59240 Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59499 Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-59505 Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59506 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59507 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59508 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59509 Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59510 Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59511 External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59512 Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-62204 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.0 | HIGH | — | 0 |
| CVE-2025-59513 Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59514 Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59515 Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-60703 Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-60704 Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-60705 Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-60706 Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-60708 Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-61837 Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2025-60709 Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-60713 Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-60714 Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-60715 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | 8.0 | HIGH | — | 0 |
| CVE-2025-40763 A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hija... | 7.8 | HIGH | — | 0 |
| CVE-2025-60716 Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.