Microsoft: Security Vulnerabilities
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.0
EPSS Score
0.001
Published
2025-07-18
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-07-11
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-11
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
CVSS Score
5.6
EPSS Score
0.001
Published
2025-07-11
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-10
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via
mod_rewrite or apache expressions that pass unvalidated request input.
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.
Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths.
The server offers limited protection against administrators directing the server to open UNC paths.
Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-10
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-09
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08