CVE-2025-61663 Grub2: missing unregister call for normal commands may lead to use-after-free
Published December 13, 2025
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2025-61662 Grub2: missing unregister call for gettext command may lead to use-after-free
Published December 13, 2025
Information published.
CVE-2025-49175 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
Published December 12, 2025
Information published.
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
Published December 12, 2025
Information published.
Chromium: CVE-2025-14373 Inappropriate implementation in Toolbar
Published December 12, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
CVE-2025-49176 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
Published December 12, 2025
Information published.
CVE-2025-49177 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode
Published December 12, 2025
Information published.
CVE-2025-49179 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
Published December 12, 2025
Information published.
CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url
Published December 12, 2025
Information published.
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Published December 12, 2025
Information published.
