- CVE-2025-30320 • published on May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2025-30318 • published on May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2025-30319 • published on May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2025-0035 • published on May 13, 2025
Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
- CVE-2025-47280 • published on May 13, 2025
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address, potentially bypassing spam and email client security systems. This issue affects all (supported) versions of Umbraco Forms and is patched in 13.4.2 and 15.1.2. Unpatched or unsupported versions can work around this issue by using the `Send email with template (Razor)` workflow instead or writing a custom workflow type. To avoid accidentally using the vulnerable workflow again, the `SendEmail` workflow type can be removed using a composer available in the GitHub Security Advisory for this vulnerability.
- CVE-2024-36321 • published on May 13, 2025
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
- CVE-2024-6364 • published on May 13, 2025
A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate this vulnerability, update the device firmware to the latest available version. Please contact the device manufacturer for upgrade instructions or contact Absolute Security, see reference below.
- CVE-2025-24063 • published on May 13, 2025
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-32707 • published on May 13, 2025
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-32705 • published on May 13, 2025
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
- CVE-2025-32704 • published on May 13, 2025
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-32702 • published on May 13, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
- CVE-2025-30397 • published on May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- CVE-2025-30388 • published on May 13, 2025
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
- CVE-2025-30385 • published on May 13, 2025
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-29974 • published on May 13, 2025
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
- CVE-2025-29963 • published on May 13, 2025
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
- CVE-2025-29962 • published on May 13, 2025
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
- CVE-2025-29961 • published on May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-29958 • published on May 13, 2025
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.