Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2025-53760: Microsoft SharePoint Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#ssrf#auth#Microsoft Office SharePoint#Security Vulnerability
CVE-2025-25005: Microsoft Exchange Server Tampering Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

CVE-2025-33051: Microsoft Exchange Server Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

CVE-2025-53773: GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of this vulnerability requires that a user trigger the payload in the application.

CVE-2025-53772: Web Deploy Remote Code Execution Vulnerability

Deserialization of untrusted data in Visual Studio allows an authorized attacker to execute code locally.

CVE-2025-49745: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-49751: Windows Hyper-V Denial of Service Vulnerability

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.