| CVE-2025-20022 | Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access. | medium |
| CVE-2025-20018 | Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2025-20015 | Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2025-20013 | Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access. | medium |
| CVE-2025-20012 | Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. | medium |
| CVE-2025-20009 | Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. | medium |
| CVE-2025-20008 | Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access. | medium |
| CVE-2025-20006 | Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | high |
| CVE-2025-20004 | Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access. | high |
| CVE-2025-20003 | Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | high |
| CVE-2024-48869 | Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-47800 | Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-47795 | Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-47550 | Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-46895 | Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-45371 | Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access. | medium |
| CVE-2024-45333 | Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access. | medium |
| CVE-2024-45332 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | medium |
| CVE-2024-43420 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access. | medium |
| CVE-2024-43101 | Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | medium |
| CVE-2024-39833 | Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-39758 | Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access. | medium |
| CVE-2024-36292 | Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access. | high |
| CVE-2024-31150 | Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access. | medium |
| CVE-2024-31073 | Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-29222 | Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access. | medium |
| CVE-2024-28956 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | medium |
| CVE-2024-28954 | Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. | medium |
| CVE-2024-28036 | Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access. | medium |
| CVE-2025-45863 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. | critical |
| CVE-2025-45865 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. | critical |
| CVE-2025-45861 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. | critical |
| CVE-2025-45746 | In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform. | critical |
| CVE-2025-3744 | Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13. | high |
| CVE-2025-4660 | A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector. | high |
| CVE-2025-43557 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-43556 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-43555 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-43547 | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-43546 | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-43545 | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-30330 | Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-30329 | Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | medium |
| CVE-2025-30328 | Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-30326 | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-30325 | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-30324 | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-30322 | Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2025-27197 | Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
| CVE-2023-31359 | Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | high |
