CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-64657 – Azure Application Gateway Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-64657
26 Nov 2025 — Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-64656 – Azure Application Gateway Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-64656
26 Nov 2025 — Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64656 • CWE-125: Out-of-bounds Read •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62459 – Microsoft Defender Portal Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-62459
20 Nov 2025 — Microsoft Defender Portal Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-64660 – GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-64660
20 Nov 2025 — Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network. Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660 • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62207 – Azure Monitor Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-62207
20 Nov 2025 — Azure Monitor Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62207 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49752 – Azure Bastion Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49752
20 Nov 2025 — Azure Bastion Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49752 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-59245 – Microsoft SharePoint Online Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-59245
20 Nov 2025 — Microsoft SharePoint Online Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59245 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-61835 – Substance3D - Stager | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2025-61835
11 Nov 2025 — Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/substance3d_stager/apsb25-113.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-61833 – Substance3D - Stager | Out-of-bounds Read (CWE-125)
https://notcve.org/view.php?id=CVE-2025-61833
11 Nov 2025 — Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/substance3d_stager/apsb25-113.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-64531 – Substance3D - Stager | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2025-64531
11 Nov 2025 — Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/substance3d_stager/apsb25-113.html • CWE-416: Use After Free •