Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
11,881 matching · page 201/238Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-61833(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-62453(opens NVD record) | Medium | 5.0 | Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. | Nov 11, 2025 |
| CVE-2025-62452(opens NVD record) | High | 8.0 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | Nov 11, 2025 |
| CVE-2025-62449(opens NVD record) | Medium | 6.8 | Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. | Nov 11, 2025 |
| CVE-2025-62222(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. | Nov 11, 2025 |
| CVE-2025-62220(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. | Nov 11, 2025 |
| CVE-2025-62219(opens NVD record) | High | 7.0 | Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-62218(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-62217(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-62216(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-62215(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-62214(opens NVD record) | Medium | 6.7 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-62213(opens NVD record) | High | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-62211(opens NVD record) | High | 8.7 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | Nov 11, 2025 |
| CVE-2025-62210(opens NVD record) | High | 8.7 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | Nov 11, 2025 |
| CVE-2025-62209(opens NVD record) | Medium | 5.5 | Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | Nov 11, 2025 |
| CVE-2025-62208(opens NVD record) | Medium | 5.5 | Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | Nov 11, 2025 |
| CVE-2025-62206(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | Nov 11, 2025 |
| CVE-2025-62205(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-62204(opens NVD record) | High | 8.0 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Nov 11, 2025 |
| CVE-2025-62203(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-62202(opens NVD record) | High | 7.1 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | Nov 11, 2025 |
| CVE-2025-62201(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-62200(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-62199(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-61831(opens NVD record) | High | 7.8 | Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61820(opens NVD record) | High | 7.8 | Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61819(opens NVD record) | High | 7.8 | Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-60728(opens NVD record) | Medium | 4.3 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | Nov 11, 2025 |
| CVE-2025-60727(opens NVD record) | High | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-60726(opens NVD record) | High | 7.1 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | Nov 11, 2025 |
| CVE-2025-60724(opens NVD record) | Critical | 9.8 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | Nov 11, 2025 |
| CVE-2025-60723(opens NVD record) | Medium | 6.3 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. | Nov 11, 2025 |
| CVE-2025-60722(opens NVD record) | Medium | 6.5 | Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. | Nov 11, 2025 |
| CVE-2025-60721(opens NVD record) | High | 7.8 | Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60720(opens NVD record) | High | 7.8 | Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60719(opens NVD record) | High | 7.0 | Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60718(opens NVD record) | High | 7.8 | Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60717(opens NVD record) | High | 7.0 | Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60716(opens NVD record) | High | 7.0 | Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60715(opens NVD record) | High | 8.0 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | Nov 11, 2025 |
| CVE-2025-60714(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-60713(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60710(opens NVD record) | High | 7.8 | Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60709(opens NVD record) | High | 7.8 | Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60708(opens NVD record) | Medium | 6.5 | Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. | Nov 11, 2025 |
| CVE-2025-60707(opens NVD record) | High | 7.8 | Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60706(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. | Nov 11, 2025 |
| CVE-2025-60705(opens NVD record) | High | 7.8 | Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-60704(opens NVD record) | High | 7.5 | Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | Nov 11, 2025 |