CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2025 — Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49715 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Jun 2025 — AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. • https://github.com/daryllundy/cve-2025-32711 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.6 • EPSS: 0% • CPEs: 6 • EXPL: 0

11 Jun 2025 — Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files. It was discovered that .NET did not properly validate the search path in Microsoft.NETCore.App.Runtime. An attacker could possibly use this issue to execute arbitrary code. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399 • CWE-426: Untrusted Search Path • CWE-427: Uncontrolled Search Path Element

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jun 2025 — Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717 • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jun 2025 — Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47968 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2025 — '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47176 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Jun 2025 — Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47175 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2025 — Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47174 • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Jun 2025 — Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47173 • CWE-641: Improper Restriction of Names for Files and Other Resources

CVSS: 9.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Jun 2025 — Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47172 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')