| CVE-2025-49735 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | high |
| CVE-2025-49731 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | low |
| CVE-2025-48823 | Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. | medium |
| CVE-2025-48023 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier | medium |
| CVE-2025-48022 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier | medium |
| CVE-2025-48021 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier | medium |
| CVE-2025-48020 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier | medium |
| CVE-2025-48019 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier | medium |
| CVE-2025-47964 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | medium |
| CVE-2025-47963 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | medium |
| CVE-2025-47915 | Rejected reason: reserved but not needed | No Score |
| CVE-2025-47732 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | critical |
| CVE-2025-47176 | '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | high |
| CVE-2025-46685 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | high |
| CVE-2025-46684 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. | medium |
| CVE-2025-46310 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files. | medium |
| CVE-2025-46305 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | medium |
| CVE-2025-46304 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | medium |
| CVE-2025-46303 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | medium |
| CVE-2025-46302 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | medium |
| CVE-2025-46301 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | medium |
| CVE-2025-46300 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | medium |
| CVE-2025-46290 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service. | high |
| CVE-2025-43537 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files. | medium |
| CVE-2025-43417 | A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data. | medium |
| CVE-2025-43403 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data. | medium |
| CVE-2025-40905 | WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. | critical |
| CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. | critical |
| CVE-2025-38575 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed. | medium |
| CVE-2025-38501 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated connections from clients with the same IP. | medium |
| CVE-2025-37947 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned. | high |
| CVE-2025-37778 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that happens then smb2_sess_setup, which calls krb_authenticate, will be accessing free'd memory when it later uses sess->user. | high |
| CVE-2025-37775 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------ [ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to directory. | medium |
| CVE-2025-37162 | A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | high |
| CVE-2025-37161 | A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations. | high |
| CVE-2025-36552 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36545 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36542 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36538 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36534 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36532 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36526 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36524 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36523 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36517 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35997 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35993 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35976 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35962 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35961 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
