8.3
CVE-2025-62459 - Microsoft Defender Portal Spoofing Vulnerability
Microsoft Defender Portal Spoofing Vulnerability
5.7
CVE-2025-64660 - GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.
8.6
CVE-2025-62207 - Azure Monitor Elevation of Privilege Vulnerability
Azure Monitor Elevation of Privilege Vulnerability
10
CVE-2025-49752 - Azure Bastion Elevation of Privilege Vulnerability
Azure Bastion Elevation of Privilege Vulnerability
9.8
CVE-2025-59245 - Microsoft SharePoint Online Elevation of Privilege Vulnerability
Microsoft SharePoint Online Elevation of Privilege Vulnerability
8.8
CVE-2025-64655 - Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
8.8
CVE-2025-36072 - IBM webMethods Integration Deserialization
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data.
7.5
CVE-2025-13087 - Command Injection in Opto22 Groov REST API
A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to buildโฆ
6.1
CVE-2025-36153 - IBM Concert Cross-Site Scripting
IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
5.1
CVE-2025-36158 - IBM Concert Information Disclosure
IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying.