Last Full Sync: Fri Jan 16 2026 23:46:49 GMT+0000 (Coordinated Universal Time)
1. ID: CVE-2026-21280
Assigner: psirt@adobe.com
Description: Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Published Date: Tue Jan 13 2026 19:16:25 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 19:28:23 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 19:29:14 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 22 days ago
2. ID: CVE-2026-21267
Assigner: psirt@adobe.com
Description: Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Published Date: Tue Jan 13 2026 19:16:24 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 20:51:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 20:52:39 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 22 days ago
3. ID: CVE-2026-21268
Assigner: psirt@adobe.com
Description: Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Published Date: Tue Jan 13 2026 19:16:24 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 20:50:52 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 20:52:39 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 22 days ago
4. ID: CVE-2026-21271
Assigner: psirt@adobe.com
Description: Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Published Date: Tue Jan 13 2026 19:16:24 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 20:50:28 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 20:51:17 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 22 days ago
5. ID: CVE-2026-21272
Assigner: psirt@adobe.com
Description: Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Published Date: Tue Jan 13 2026 19:16:24 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 20:49:33 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 20:51:17 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 22 days ago
6. ID: CVE-2026-20963
Assigner: secure@microsoft.com
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published Date: Tue Jan 13 2026 18:16:24 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 19:17:24 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 19:22:25 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 22 days ago
7. ID: CVE-2026-20953
Assigner: secure@microsoft.com
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Jan 13 2026 18:16:23 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 19:56:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 19:58:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 22 days ago
8. ID: CVE-2026-20952
Assigner: secure@microsoft.com
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Jan 13 2026 18:16:22 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 19:55:31 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 19:56:42 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 22 days ago
9. ID: CVE-2026-20947
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published Date: Tue Jan 13 2026 18:16:22 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 16:17:12 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 16 2026 23:38:34 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 4 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 20 days ago
10. ID: CVE-2026-20944
Assigner: secure@microsoft.com
Description: Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Published Date: Tue Jan 13 2026 18:16:21 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 16:15:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 16 2026 23:38:34 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 4 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 20 days ago
11. ID: CVE-2026-20931
Assigner: secure@microsoft.com
Description: External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
Published Date: Tue Jan 13 2026 18:16:20 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 15:06:39 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 16 2026 23:38:34 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 4 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 20 days ago
12. ID: CVE-2026-20868
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published Date: Tue Jan 13 2026 18:16:16 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Jan 15 2026 15:45:10 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Jan 15 2026 16:04:49 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 21 days ago
13. ID: CVE-2026-20856
Assigner: secure@microsoft.com
Description: Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Published Date: Tue Jan 13 2026 18:16:14 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Jan 15 2026 15:20:22 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Jan 15 2026 15:30:27 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 21 days ago
14. ID: CVE-2025-64155
Assigner: psirt@fortinet.com
Description: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
Published Date: Tue Jan 13 2026 17:15:58 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 21:37:40 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 21:40:02 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 21 days ago
15. ID: CVE-2025-25249
Assigner: psirt@fortinet.com
Description: A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets.
Published Date: Tue Jan 13 2026 17:15:56 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 09:16:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 21:34:07 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 20 days ago
16. ID: CVE-2025-69274
Assigner: vuln@ca.com
Description: Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation. This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
Published Date: Mon Jan 12 2026 05:16:11 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 16:48:55 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 17:20:28 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 22 days ago
17. ID: CVE-2025-69276
Assigner: vuln@ca.com
Description: Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection. This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
Published Date: Mon Jan 12 2026 05:16:11 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 16:41:50 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 16:45:47 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 22 days ago
18. ID: CVE-2025-69269
Assigner: vuln@ca.com
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection. This issue affects DX NetOps Spectrum: 23.3.6 and earlier.
Published Date: Mon Jan 12 2026 05:16:10 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 18:01:20 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 18:08:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 22 days ago
19. ID: CVE-2025-69270
Assigner: vuln@ca.com
Description: Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Published Date: Mon Jan 12 2026 05:16:10 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 17:56:04 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 18:08:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 22 days ago
20. ID: CVE-2025-69258
Assigner: security@trendmicro.com
Description: A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Published Date: Thu Jan 08 2026 13:15:42 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Jan 15 2026 19:18:37 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Jan 15 2026 19:20:15 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 8 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 21 days ago
21. ID: CVE-2024-58315
Assigner: disclosure@vulncheck.com
Description: Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.
Published Date: Tue Dec 30 2025 23:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 19:16:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 09 2026 22:05:30 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 10 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 20 days ago
22. ID: CVE-2025-13941
Assigner: 14984358-7092-470d-8f34-ade47a7658a2
Description: A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
Published Date: Fri Dec 19 2025 02:16:04 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 23 2025 17:35:55 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 23 2025 17:38:17 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 5 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 44 days ago
23. ID: CVE-2025-64675
Assigner: secure@microsoft.com
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
Published Date: Fri Dec 19 2025 00:15:52 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 17:25:03 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 16 2026 23:38:33 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 29 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Base Score: 8.3
Base Severity: HIGH
LAST MODIFIED: 20 days ago
24. ID: CVE-2025-65041
Assigner: secure@microsoft.com
Description: Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
Published Date: Thu Dec 18 2025 22:16:01 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Jan 06 2026 16:05:51 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Jan 06 2026 16:07:42 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 19 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 30 days ago
25. ID: CVE-2025-64677
Assigner: secure@microsoft.com
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.
Published Date: Thu Dec 18 2025 22:16:01 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 17:28:14 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 16 2026 23:38:33 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 30 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 20 days ago
26. ID: CVE-2025-65037
Assigner: secure@microsoft.com
Description: Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
Published Date: Thu Dec 18 2025 22:16:01 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Jan 15 2026 21:55:28 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Jan 15 2026 21:56:32 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 28 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 20 days ago
27. ID: CVE-2025-64663
Assigner: secure@microsoft.com
Description: Custom Question Answering Elevation of Privilege Vulnerability
Published Date: Thu Dec 18 2025 22:16:00 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 19:53:36 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 16 2026 23:38:33 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 30 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.9
Base Severity: CRITICAL
LAST MODIFIED: 20 days ago
28. ID: CVE-2025-20393
Assigner: psirt@cisco.com
Description: A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
Published Date: Wed Dec 17 2025 17:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 16 2026 14:00:12 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 18 2025 15:52:17 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 23 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 20 days ago
29. ID: CVE-2025-14765
Assigner: chrome-cve-admin@google.com
Description: Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Dec 16 2025 23:15:44 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 18 2025 19:53:39 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 18 2025 19:55:29 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 49 days ago
30. ID: CVE-2025-14766
Assigner: chrome-cve-admin@google.com
Description: Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Dec 16 2025 23:15:44 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 23 2025 17:06:24 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 23 2025 17:07:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 44 days ago
31. ID: CVE-2025-14174
Assigner: chrome-cve-admin@google.com
Description: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Published Date: Fri Dec 12 2025 20:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Dec 15 2025 15:16:08 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Dec 15 2025 16:05:24 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 52 days ago
32. ID: CVE-2025-44016
Assigner: psirt@teamviewer.com
Description: A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.
Published Date: Thu Dec 11 2025 12:16:25 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Jan 14 2026 19:57:03 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Jan 14 2026 19:58:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 35 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 22 days ago
33. ID: CVE-2025-64538
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
Published Date: Wed Dec 10 2025 19:16:15 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:58:16 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.3
Base Severity: CRITICAL
LAST MODIFIED: 55 days ago
34. ID: CVE-2025-64539
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
Published Date: Wed Dec 10 2025 19:16:15 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:58:13 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.3
Base Severity: CRITICAL
LAST MODIFIED: 55 days ago
35. ID: CVE-2025-64537
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
Published Date: Wed Dec 10 2025 19:16:14 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:58:19 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.3
Base Severity: CRITICAL
LAST MODIFIED: 55 days ago
36. ID: CVE-2025-61808
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high privileged attacker. Exploitation of this issue does not require user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:04:17 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:05:20 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 55 days ago
37. ID: CVE-2025-61809
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction and scope is unchanged.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:04:51 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:05:20 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 55 days ago
38. ID: CVE-2025-61810
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing maliciously crafted serialized data to the application. Exploitation of this issue requires user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:05:29 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:07:30 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 55 days ago
39. ID: CVE-2025-61811
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute malicious code. Exploitation of this issue does not require user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 16 2025 16:15:58 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:07:30 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 51 days ago
40. ID: CVE-2025-61812
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:59:21 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 55 days ago
41. ID: CVE-2025-61813
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation of this issue does not require user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:07:39 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:09:25 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 55 days ago
42. ID: CVE-2025-64671
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.
Published Date: Tue Dec 09 2025 18:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 13:57:32 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 13:58:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 55 days ago
43. ID: CVE-2025-64672
Assigner: secure@microsoft.com
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Published Date: Tue Dec 09 2025 18:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 13:47:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 13:50:10 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 55 days ago
44. ID: CVE-2025-64678
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 19:02:35 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 19:05:14 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 57 days ago
45. ID: CVE-2025-64447
Assigner: psirt@fortinet.com
Description: A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
Published Date: Tue Dec 09 2025 18:16:05 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 09 2025 20:40:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 09 2025 20:42:16 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 58 days ago
46. ID: CVE-2025-62557
Assigner: secure@microsoft.com
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Dec 09 2025 18:16:01 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 15:41:46 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 15:47:01 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 22 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 57 days ago
47. ID: CVE-2025-62550
Assigner: secure@microsoft.com
Description: Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:16:00 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 19:23:31 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 19:24:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 57 days ago
48. ID: CVE-2025-62554
Assigner: secure@microsoft.com
Description: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Dec 09 2025 18:16:00 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 18:37:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 18:39:13 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 57 days ago
49. ID: CVE-2025-62549
Assigner: secure@microsoft.com
Description: Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:15:59 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 24 2025 15:16:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 20:06:47 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 4 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 43 days ago
50. ID: CVE-2025-62456
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:15:57 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 20:03:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 20:04:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 4 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 55 days ago