CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-26685 Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-27468 Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-27488 Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. | 6.7 | MEDIUM | β | 0 |
| CVE-2025-29826 Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 7.3 | HIGH | β | 0 |
| CVE-2025-29829 Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-29830 Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-29838 Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | β | 0 |
| CVE-2025-29839 Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. | 4.0 | MEDIUM | β | 0 |
| CVE-2025-29841 Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-29842 Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-29954 Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | 5.9 | MEDIUM | β | 0 |
| CVE-2025-29955 Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. | 6.2 | MEDIUM | β | 0 |
| CVE-2025-29956 Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-29957 Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. | 6.2 | MEDIUM | β | 0 |
| CVE-2025-29958 Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-29963 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-29964 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-29966 Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-29967 Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-29968 Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-29969 Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-30322 Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | β | 0 |
| CVE-2025-29970 Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-29971 Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-29973 Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-29974 Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. | 5.7 | MEDIUM | β | 0 |
| CVE-2025-29975 Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-29977 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2024-48869 Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guar... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-29978 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-29979 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-30310 Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the contex... | 7.8 | HIGH | β | 0 |
| CVE-2025-30318 InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati... | 7.8 | HIGH | β | 0 |
| CVE-2025-30319 InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnera... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-45863 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-30320 InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnera... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-30375 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-30376 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-30377 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | β | 0 |
| CVE-2024-28036 Improper conditions check for some Intel(R) Arcβ’ GPU may allow an authenticated user to potentially enable denial of service via local access. | 5.6 | MEDIUM | β | 0 |
| CVE-2025-30378 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-30379 Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-30381 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-30382 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-30383 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2024-28954 Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2025-30384 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | 7.4 | HIGH | β | 0 |
| CVE-2025-30385 Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-30386 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | β | 0 |
| CVE-2025-30387 Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.