Common Vulnerabilities and Exposures (CVE)
CVE-2025-29817
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2025-24073
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-24074
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-29824
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-29823
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29822
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-29820
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-29821
Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.
CVE-2025-29794
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-29796
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-29792
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-29793
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-29791
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-27750
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-27752
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.