Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48812 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-15 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-49658 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-49657 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-48816 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
| Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-48822 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-15 | N/A | 8.6 HIGH |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-48002 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-07-15 | N/A | 5.7 MEDIUM |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network. | |||||
| CVE-2025-47996 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
| Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53014 | 2025-07-14 | N/A | N/A | ||
| ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue. | |||||
| CVE-2025-27165 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-07-14 | N/A | 5.5 MEDIUM |
| Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-47978 | 1 Microsoft | 3 Windows Server 2022, Windows Server 2022 23h2, Windows Server 2025 | 2025-07-14 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-43587 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-07-14 | N/A | 5.5 MEDIUM |
| After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-7464 | 2025-07-12 | N/A | 3.7 LOW | ||
| A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-21167 | 1 Adobe | 1 Substance 3d Designer | 2025-07-11 | N/A | 5.5 MEDIUM |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21168 | 1 Adobe | 1 Substance 3d Designer | 2025-07-11 | N/A | 5.5 MEDIUM |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43584 | 1 Adobe | 1 Substance 3d Viewer | 2025-07-11 | N/A | 5.5 MEDIUM |
| Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-47135 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-07-11 | N/A | 5.5 MEDIUM |
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | N/A |
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2025-20152 | 1 Cisco | 1 Identity Services Engine | 2025-07-11 | N/A | 8.6 HIGH |
| A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload. | |||||
| CVE-2025-49525 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-07-10 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-30313 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-07-10 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||