Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  Security Vulnerabilities
CVE-2025-66498
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-19
CVE-2025-66493
A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-19
CVE-2025-13941
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-12-19
CVE-2025-64675
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.3
EPSS Score
0.001
Published
2025-12-19
CVE-2025-64677
Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-12-18
CVE-2025-65037
Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-18
CVE-2025-65041
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-18
CVE-2025-65046
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
3.1
EPSS Score
0.001
Published
2025-12-18
CVE-2025-64663
Custom Question Answering Elevation of Privilege Vulnerability
CVSS Score
9.9
EPSS Score
0.001
Published
2025-12-18
CVE-2025-64676
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved