CVE-2025-30302 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | medium |
CVE-2025-30301 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | medium |
CVE-2025-30300 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | medium |
CVE-2025-30299 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
CVE-2025-30298 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
CVE-2025-30297 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
CVE-2025-30296 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
CVE-2025-30295 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | high |
CVE-2025-32036 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image produces images of minimal complexity. As a result, the generated image can be easily read by OCR tools, and an attacker can build a bot that uses such a tool to send automated requests. This vulnerability is fixed in 9.13.8. | medium |
CVE-2025-32035 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type, but the actual contents of the file aren't checked. This means that it's possible, for example, to upload an executable file renamed to have a .jpg extension. This file could then be executed by way of another security vulnerability. This vulnerability is fixed in 9.13.2. | low |
CVE-2025-29824 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29823 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high |
CVE-2025-29822 | Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. | high |
CVE-2025-29821 | Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | medium |
CVE-2025-29820 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
CVE-2025-29819 | External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | medium |
CVE-2025-29816 | Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. | high |
CVE-2025-29812 | Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29811 | Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29810 | Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | high |
CVE-2025-29809 | Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | high |
CVE-2025-29808 | Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | medium |
CVE-2025-29805 | Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. | high |
CVE-2025-29804 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29802 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29801 | Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29800 | Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29794 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | high |
CVE-2025-29793 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | high |
CVE-2025-29792 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-29791 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27752 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27751 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27750 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27749 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27748 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27747 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27746 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27745 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | high |
CVE-2025-27744 | Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-27743 | Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-27742 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. | medium |
CVE-2025-27741 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | high |
CVE-2025-27740 | Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. | high |
CVE-2025-27739 | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | high |
CVE-2025-27738 | Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | medium |
CVE-2025-27737 | Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. | high |
CVE-2025-27736 | Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. | medium |
CVE-2025-27735 | Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | medium |
CVE-2025-27733 | Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | high |