Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2025-05-13 CVE-2025-30377 Use After Free vulnerability in Microsoft products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
local
low complexity
microsoft CWE-416
7.8
7.8
2025-05-13 CVE-2025-30378 Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
local
high complexity
microsoft CWE-502
7.0
7.0
2025-05-13 CVE-2025-30382 Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
local
low complexity
microsoft CWE-502
7.8
7.8
2025-05-13 CVE-2025-30384 Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
local
high complexity
microsoft CWE-502
7.0
7.0
2025-05-13 CVE-2025-30385 Use After Free vulnerability in Microsoft products
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
local
low complexity
microsoft CWE-416
7.8
7.8
2025-05-13 CVE-2025-30386 Use After Free vulnerability in Microsoft products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
local
low complexity
microsoft CWE-416
7.8
7.8
2025-05-13 CVE-2025-30387 Path Traversal vulnerability in Microsoft Azure AI Document Intelligence Studio
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
network
low complexity
microsoft CWE-22
critical
 9.8
9.8
2025-05-13 CVE-2025-30388 Heap-based Buffer Overflow vulnerability in Microsoft products
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
local
low complexity
microsoft CWE-122
7.8
7.8
2025-05-13 CVE-2025-30394 Sensitive Data Storage in Improperly Locked Memory vulnerability in Microsoft products
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
network
high complexity
microsoft CWE-591
5.9
5.9
2025-05-13 CVE-2025-30397 Type Confusion vulnerability in Microsoft products
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
network
high complexity
microsoft CWE-843
7.5
7.5