Microsoft: Security Vulnerabilities
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2025-12-19
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
CVSS Score: 8.3 | EPSS Score: 0.006 | Published: 2025-12-19
Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.
CVSS Score: 8.2 | EPSS Score: 0.005 | Published: 2025-12-18
Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
CVSS Score: 10.0 | EPSS Score: 0.009 | Published: 2025-12-18
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
CVSS Score: 10.0 | EPSS Score: 0.007 | Published: 2025-12-18
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score: 3.1 | EPSS Score: 0.002 | Published: 2025-12-18
Custom Question Answering Elevation of Privilege Vulnerability
CVSS Score: 9.9 | EPSS Score: 0.007 | Published: 2025-12-18
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
CVSS Score: 7.2 | EPSS Score: 0.009 | Published: 2025-12-18
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create an `inkscape.bat` file that defines a Windows batch script capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.
CVSS Score: 8.5 | EPSS Score: 0.002 | Published: 2025-12-17
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score: 8.8 | EPSS Score: 0.026 | Published: 2025-12-16

