CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-32704 - Microsoft Office Excel Buffer Over-read Remote Code Execution Vulnerability

CVE ID : CVE-2025-32704
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32705 - Microsoft Office Outlook Out-of-bounds Read Remote Code Execution Vulnerability

CVE ID : CVE-2025-32705
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-32706 - Windows Common Log File System Driver Local Privilege Escalation Vulnerability

CVE ID : CVE-2025-32706
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-32707 - Windows NTFS Out-of-bounds Read Privilege Elevation

CVE ID : CVE-2025-32707
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-32709 - Windows Ancillary Function Driver for WinSock Use-After-Free Privilege Escalation Vulnerability

CVE ID : CVE-2025-32709
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-3757 - OpenPubkey Invalid JWS Signature Verification

CVE ID : CVE-2025-3757
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
Severity: 0.0 | NA
CVE-2025-47280 - Umbraco Forms Email Injection Vulnerability

CVE ID : CVE-2025-47280
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address, potentially bypassing spam and email client security systems. This issue affects all (supported) versions of Umbraco Forms and is patched in 13.4.2 and 15.1.2. Unpatched or unsupported versions can work around this issue by using the `Send email with template (Razor)` workflow instead or by writing a custom workflow type. To avoid accidentally using the vulnerable workflow again, the `SendEmail` workflow type can be removed using a composer available in the GitHub Security Advisory for this vulnerability.
Severity: 0.0 | NA
CVE-2025-4658 - OpenPubkey/OPKSSH JWS Signature Verification Bypass

CVE ID : CVE-2025-4658
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.
Severity: 0.0 | NA
CVE-2023-31358 - AMD Manageability API DLL Hijacking Privilege Escalation Vulnerability

CVE ID : CVE-2023-31358
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Severity: 7.3 | HIGH
CVE-2023-31359 - AMD Manageability API Privilege Escalation Vulnerability

CVE ID : CVE-2023-31359
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Severity: 7.3 | HIGH
CVE-2025-27197 - Adobe Lightroom Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-27197
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30322 - Substance3D Painter Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-30322
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30324 - Adobe Photoshop Integer Underflow Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-30324
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30325 - Adobe Photoshop Integer Overflow Arbitrary Code Execution

CVE ID : CVE-2025-30325
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30326 - Adobe Photoshop Uninitialized Pointer Access Vulnerability

CVE ID : CVE-2025-30326
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30328 - Animate Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-30328
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30329 - Adobe Animate NULL Pointer Dereference Denial-of-Service

CVE ID : CVE-2025-30329
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2025-30330 - Adobe Illustrator Heap-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-30330
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-43545 - Adobe Bridge Uninitialized Pointer Remote Code Execution Vulnerability

CVE ID : CVE-2025-43545
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-43546 - Oracle Bridge Integer Underflow Vulnerability

CVE ID : CVE-2025-43546
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-43547 - Bridge File Integer Overflow Arbitrary Code Execution

CVE ID : CVE-2025-43547
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH