Skip to main content
CVE-2025-61836 HIGH This Month

Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61831 HIGH This Month

Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61829 HIGH This Month

Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61828 HIGH This Month

Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61827 HIGH This Month

Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61826 HIGH This Month

Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61820 HIGH This Month

Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61819 HIGH This Month

Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-60727 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60726 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-60721 HIGH This Month

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows 11 25h2 Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60720 HIGH This Month

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60719 HIGH This Month

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60718 HIGH This Month

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows 11 25h2 Windows
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-60717 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60716 HIGH This Month

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60715 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-60714 HIGH This Month

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60713 HIGH This Month

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2016 Windows Server 2019 Windows Server 2022 +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60709 HIGH This Month

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60707 HIGH This Month

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60705 HIGH This Month

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60704 HIGH This Month

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-60703 HIGH This Month

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59515 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59514 HIGH This Month

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59512 HIGH This Month

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59511 HIGH This Month

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-59508 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59507 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59506 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59505 HIGH This Month

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59504 HIGH This Month

Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Azure Monitor Agent
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-59499 HIGH This Month

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-61832 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61824 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61818 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61817 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61816 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61815 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61814 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-35971 HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-35968 HIGH This Month

Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Rated high severity (CVSS 7.1). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-35967 HIGH This Month

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Microsoft Denial Of Service +1
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-35963 HIGH This Month

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft Windows
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-33186 HIGH This Month

NVIDIA AIStore contains a vulnerability in AuthN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-33178 HIGH This Month

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Nvidia Code Injection Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33029 HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-33000 HIGH This Month

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Quickassist Technology
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-32091 HIGH This Month

Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.4
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy