Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-11 CVE-2025-25008 Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-59
7.1
2025-03-11 CVE-2025-26627 Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.
local
high complexity
CWE-77
7.0
2025-03-11 CVE-2025-26629 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
local
low complexity
CWE-416
7.8
2025-03-11 CVE-2025-26630 Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
local
low complexity
CWE-416
7.8
2025-03-11 CVE-2025-26631 Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-427
7.3
2025-03-11 CVE-2025-26634 Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
network
high complexity
CWE-122
7.5
2025-03-11 CVE-2025-26645 Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
network
low complexity
CWE-23
8.8
2025-03-11 CVE-2025-27172 Out-of-bounds Write vulnerability in Adobe Substance 3D Designer
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-787
7.8
2025-03-11 CVE-2025-27363 An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files.
network
high complexity
freetype debian
8.1
2025-03-11 CVE-2025-2193 Path Traversal vulnerability in Mrcms 3.1.2
A vulnerability has been found in MRCMS 3.1.2 and classified as critical.
network
low complexity
mrcms CWE-22
8.1