Microsoft: Security Vulnerabilities
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-08-12
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.057
Published
2025-08-12
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-08-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.001
Published
2025-08-12
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-08-12
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVSS Score
6.8
EPSS Score
0.003
Published
2025-08-12
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-08-12
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
CVSS Score
7.9
EPSS Score
0.001
Published
2025-08-12
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-12
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-12