8.8
CVE-2025-64672 - Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
8.4
CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.
7.8
CVE-2025-64661 - Windows Shell Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
7.3
CVE-2025-62565 - Windows File Explorer Elevation of Privilege Vulnerability
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
7.1
CVE-2025-62570 - Windows Camera Frame Server Monitor Information Disclosure Vulnerability
Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
7
CVE-2025-62569 - Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
5.3
CVE-2025-62567 - Windows Hyper-V Denial of Service Vulnerability
Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.
7.8
CVE-2025-62560 - Microsoft Excel Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
7.8
CVE-2025-62559 - Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
CVE-2025-62558 - Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.