Page 13 of 20561 results (0.007 seconds)

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-29815 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-29815

04 Apr 2025 — Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. Use after free en Microsoft Edge (basado en Chromium) permite que un atacante autorizado ejecute código a través de una red. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29815 • CWE-416: Use After Free •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-25001 – Microsoft Edge for iOS Spoofing Vulnerability

https://notcve.org/view.php?id=CVE-2025-25001

04 Apr 2025 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. La neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site scripting') en Microsoft Edge (basado en Chromium) permite que un atacante no autorizado realice suplantación de identidad a través de una red. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-25000 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-25000

03 Apr 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. El acceso a un recurso mediante un tipo incompatible ('confusión de tipos') en Microsoft Edge (basado en Chromium) permite que un atacante no autorizado ejecute código a través de una red. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25000 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-21384 – Azure Health Bot Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2025-21384

01 Apr 2025 — An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384 • CWE-693: Protection Mechanism Failure •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-29795 – Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2025-29795

23 Mar 2025 — Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29795 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-29806 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-29806

23 Mar 2025 — No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29806 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2025-29814 – Microsoft Partner Center Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2025-29814

21 Mar 2025 — Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. • https://github.com/SatiresHashi/CVE-2025-29814 • CWE-20: Improper Input Validation •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-29807 – Microsoft Dataverse Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-29807

21 Mar 2025 — Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29807 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-24053 – Microsoft Dataverse Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2025-24053

13 Mar 2025 — Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24053 • CWE-285: Improper Authorization •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0

CVE-2025-26645 – Remote Desktop Client Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-26645

11 Mar 2025 — Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26645 • CWE-23: Relative Path Traversal CWE-284: Improper Access Control •