Total
706 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59717 | 1 Digitalocean | 1 Do-markdownit | 2025-09-19 | 5.4 Medium |
| In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array). | ||||
| CVE-2025-54915 | 2025-09-18 | 6.7 Medium | ||
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54109 | 2025-09-18 | 6.7 Medium | ||
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54104 | 2025-09-18 | 6.7 Medium | ||
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54094 | 2025-09-18 | 6.7 Medium | ||
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53810 | 2025-09-18 | 6.7 Medium | ||
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53808 | 2025-09-18 | 6.7 Medium | ||
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55236 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-18 | 7.3 High |
| Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | ||||
| CVE-2025-8000 | 1 Ashlar | 1 Cobalt | 2025-09-18 | N/A |
| Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26051. | ||||
| CVE-2025-7999 | 1 Ashlar | 1 Cobalt | 2025-09-18 | N/A |
| Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26049. | ||||
| CVE-2025-7995 | 1 Ashlar | 1 Cobalt | 2025-09-18 | N/A |
| Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25981. | ||||
| CVE-2025-8005 | 1 Ashlar | 1 Cobalt | 2025-09-18 | N/A |
| Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26237. | ||||
| CVE-2025-8002 | 1 Ashlar | 1 Cobalt | 2025-09-18 | N/A |
| Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26233. | ||||
| CVE-2025-50155 | 1 Microsoft | 19 Server, Windows, Windows 10 1507 and 16 more | 2025-09-17 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53739 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-09-17 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53726 | 1 Microsoft | 21 Server, Windows, Windows 10 and 18 more | 2025-09-17 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53725 | 1 Microsoft | 21 Server, Windows, Windows 10 and 18 more | 2025-09-17 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53724 | 1 Microsoft | 17 Windows, Windows 10 1507, Windows 10 1607 and 14 more | 2025-09-17 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53145 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-09-17 | 8.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-53144 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-09-17 | 8.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | ||||