Aggregator

A vulnerability was found in Microsoft SQL Server. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-49717. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Microsoft SQL Server. Affected is an unknown function. The manipulation leads to uninitialized resource. This vulnerability is traded as CVE-2025-49718. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Office and classified as critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2025-47994. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Office. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-49696. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Word and classified as critical. This issue affects some unknown processing. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-49698. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Office. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-49699. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Word. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2025-49700. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Office. This affects an unknown part. The manipulation leads to type confusion. This vulnerability is uniquely identified as CVE-2025-49702. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

苹果在iOS 26中推出新API，允许开发者在欧盟市场开发替代电话和信息的应用程序。这些应用可拨打电话、发送短信和RCS消息，但需开发者在欧盟注册Apple Developer账户。该功能目前仅限于欧盟用户，并计划于秋季正式发布后上线。

A vulnerability, which was classified as critical, has been found in Microsoft Office. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-49695. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft SharePoint Server. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-49701. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Word. This vulnerability affects unknown code. The manipulation leads to use after free. This vulnerability was named CVE-2025-49703. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft SharePoint. This issue affects some unknown processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2025-49704. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft SharePoint Server and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2025-49706. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Credential Security Support Provider Protocol. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-47987. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Azure Monitor Agent. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2025-47988. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been classified as critical. This affects an unknown part of the component AppX Deployment Service. The manipulation leads to link following. This vulnerability is uniquely identified as CVE-2025-48820. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年6月30日至2025年7月6日）安全漏洞情况如下

Протокол обновлён: расширения, API и поддержка буферов.

A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections.  This vulnerability stems from improper input validation within SQL Server’s processing mechanisms, enabling attackers to disclose uninitialized memory contents without requiring authentication or user interaction.  Key Takeaways1. Critical SQL Server bug (CVE-2025-49719) exposes […]

The post Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network appeared first on Cyber Security News.