
CVSS: 9.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

13 May 2025 — External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validati... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646 • CWE-73: External Control of File Name or Path; CWE-290: Authentication Bypass by Spoofing

CVSS: 7.8 | EPSS: 0% | CPEs: 26 | EXPL: 0

13 May 2025 — Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24063 • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 | EPSS: 0% | CPEs: 16 | EXPL: 0

13 May 2025 — Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32707 • CWE-125: Out-of-bounds Read

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

13 May 2025 — Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32705 • CWE-125: Out-of-bounds Read

CVSS: 8.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

13 May 2025 — Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32704 • CWE-126: Buffer Over-read

CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

13 May 2025 — Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32702 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.6 | EPSS: 11% | CPEs: 26 | EXPL: 0

13 May 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 7.8 | EPSS: 0% | CPEs: 30 | EXPL: 0

13 May 2025 — Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30388 • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 | EPSS: 0% | CPEs: 26 | EXPL: 0

13 May 2025 — Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30385 • CWE-416: Use After Free

CVSS: 6.1 | EPSS: 0% | CPEs: 26 | EXPL: 0

13 May 2025 — Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29974 • CWE-125: Out-of-bounds Read; CWE-191: Integer Underflow (Wrap or Wraparound)