Common Vulnerabilities and Exposures (CVE)

CVE-2025-60722

Nov 21, 2025 19:06:52 UTC

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.

CVE-2025-60719

Nov 21, 2025 19:06:51 UTC

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-62216

Nov 21, 2025 19:06:50 UTC

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-62210

Nov 21, 2025 19:06:50 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

CVE-2025-62206

Nov 21, 2025 19:06:49 UTC

Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.

CVE-2025-62199

Nov 21, 2025 19:06:49 UTC

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-60728

Nov 21, 2025 19:06:48 UTC

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2025-60727

Nov 21, 2025 19:06:47 UTC

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-60726

Nov 21, 2025 19:06:47 UTC

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-60710

Nov 21, 2025 19:06:46 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2025-60709

Nov 21, 2025 19:06:45 UTC

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-60708

Nov 21, 2025 19:06:45 UTC

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.

CVE-2025-60707

Nov 21, 2025 19:06:44 UTC

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.

CVE-2025-60706

Nov 21, 2025 19:06:44 UTC

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.

CVE-2025-60705

Nov 21, 2025 19:06:43 UTC

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.