CVE-2025-53513 | The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm. | medium |
CVE-2025-53512 | The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information. | medium |
CVE-2025-49760 | External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network. | low |
CVE-2025-49756 | Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally. | low |
CVE-2025-49753 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | high |
CVE-2025-49744 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49742 | Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. | high |
CVE-2025-49740 | Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. | high |
CVE-2025-49739 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. | high |
CVE-2025-49738 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49737 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49735 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | high |
CVE-2025-49733 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49732 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49731 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | low |
CVE-2025-49730 | Time-of-check time-of-use (TOCTOU) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49729 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | high |
CVE-2025-49727 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49726 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49725 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49724 | Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. | high |
CVE-2025-49723 | Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally. | high |
CVE-2025-49722 | Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. | medium |
CVE-2025-49721 | Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally. | high |
CVE-2025-49719 | Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. | high |
CVE-2025-49718 | Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. | high |
CVE-2025-49717 | Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. | high |
CVE-2025-49716 | Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. | high |
CVE-2025-49714 | Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49711 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49706 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | medium |
CVE-2025-49705 | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49704 | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | high |
CVE-2025-49703 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49702 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49701 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | high |
CVE-2025-49700 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49699 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49698 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49697 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49696 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49695 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-49694 | Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49693 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49691 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. | high |
CVE-2025-49690 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. | high |
CVE-2025-49689 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | high |
CVE-2025-49688 | Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | high |
CVE-2025-49687 | Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-49686 | Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | high |