CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4832 matches found

NVD•added 2025/04/08 6:15 p.m.•20 views

CVE-2025-26648

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00421EPSS

Exploits0References1

NVD•added 2025/04/08 6:15 p.m.•39 views

CVE-2025-21204

Improper link resolution before file access 'link following' in Windows Update Stack allows an authorized attacker to elevate privileges locally...

7.8CVSS0.06394EPSS

Exploits1References3

OSV•added 2025/04/08 6:15 p.m.•0 views

UBUNTU-CVE-2025-26675

Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.00515EPSS

Exploits0References3

CVE•added 2025/04/08 5:24 p.m.•107 views

CVE-2025-29804

CVE-2025-29804 is an elevation-of-privilege vulnerability in Microsoft Visual Studio caused by improper access control. A local attacker with LOW privileges and requiring user interaction could elevate privileges on affected Visual Studio components. Public notes reference affected Visual Studio ...

7.3CVSS7.1AI score0.0105EPSS

Exploits0References1Affected Software1

CVE•added 2025/04/08 5:24 p.m.•103 views

CVE-2025-27735

CVE-2025-27735 affects Windows Virtualization-Based Security (VBS) Enclave. The root cause is insufficient verification of data authenticity, enabling an authorized local attacker to bypass a security feature. The connected NCSC listing labels the impact as bypassing a security measure with CVSS ...

6CVSS7.1AI score0.0035EPSS

Exploits0References1Affected Software13

CVE•added 2025/04/08 5:24 p.m.•137 views

CVE-2025-27736

Technical details about CVE-2025-27736 (affected product/versions/root cause/fix) are not disclosed in the provided connected documents. Monitor Microsoft advisories and CVE records for updates and remediation information.

5.5CVSS6.6AI score0.00705EPSS

Exploits0References1Affected Software12

CVE•added 2025/04/08 5:23 p.m.•94 views

CVE-2025-26649

CVE-2025-26649 describes a race condition in Windows Secure Channel (concurrent execution using a shared resource with improper synchronization) that could allow a locally authenticated user to elevate privileges. Primary sources (MSRC/NVD) confirm the vulnerability exists in the Windows Secure C...

7CVSS7.2AI score0.00336EPSS

Exploits0References1Affected Software6

CVE•added 2025/04/08 5:23 p.m.•126 views

CVE-2025-26648

CVE-2025-26648 affects the Windows Kernel. Description: sensitive data stored in memory that is not properly locked can allow an authorized locally authenticated attacker to elevate privileges. The issue is listed under Windows Kernel vulnerabilities (CVE-2025-26648) with high impact (local Privi...

7.8CVSS7.1AI score0.00421EPSS

Exploits0References1Affected Software15

CVE•added 2025/04/08 5:23 p.m.•102 views

CVE-2025-26639

CVE-2025-26639 is a Windows USB Print Driver elevation-of-privilege vulnerability caused by an integer overflow/wraparound in the driver. The issue can be triggered locally by an authorized user with low privileges and no user interaction, potentially allowing a takeover of SYSTEM-level rights. M...

7.8CVSS7.3AI score0.00489EPSS

Exploits0References1Affected Software8

CVE•added 2025/04/08 5:23 p.m.•116 views

CVE-2025-24058

CVE-2025-24058 describes an elevation-of-privilege in the Windows DWM Core Library caused by improper input validation. The vulnerability enables a locally authenticated attacker to escalate privileges (local vector, no user interaction required per CVSS: High, with base score 7.8). Connected sou...

7.8CVSS7.1AI score0.00529EPSS

Exploits0References1Affected Software10

CVE•added 2025/04/08 5:23 p.m.•191 views

CVE-2025-21204

CVE-2025-21204 affects Windows Update Stack with improper link resolution before file access, enabling local privilege elevation for an authenticated user. Public documentation confirms the vulnerability and that Microsoft released fixes as part of April 2025 updates; patches include OS updates t...

7.8CVSS7.1AI score0.06394EPSS

Exploits1References3Affected Software15

CVE•added 2025/04/08 5:23 p.m.•93 views

CVE-2025-24073

CVE-2025-24073 affects the Windows DWM Core Library and stems from improper input validation, enabling a locally authorized attacker to elevate privileges. The vulnerability is described with a base CVSS v3.1 score of 7.8 (High) and local attack vector with low complexity, requiring low privilege...

7.8CVSS7.1AI score0.00529EPSS

Exploits0References1Affected Software13

CVE•added 2025/04/08 5:23 p.m.•110 views

CVE-2025-24074

CVE-2025-24074 affects Microsoft Windows DWM Core Library. It is an Elevation of Privilege due to improper input validation, enabling local privilege escalation with a CVSSv3.1 base score of 7.8 (LOCAL, LOW attack complexity, NO user interaction). Impacted components include the DWM Core Library;...

7.8CVSS7.1AI score0.00529EPSS

Exploits0References1Affected Software10

CVE•added 2025/04/08 5:23 p.m.•121 views

CVE-2025-27475

CVE-2025-27475 is a Windows Update Stack elevation-of-privilege vulnerability. Description: sensitive data stored in improperly locked memory within the Windows Update Stack can enable a locally authenticated attacker to escalate privileges. CVSS v3.1 metrics indicate LOCAL attack vector, HIGH im...

7CVSS7.1AI score0.0032EPSS

Exploits0References1Affected Software3

CVE•added 2025/04/08 5:23 p.m.•82 views

CVE-2025-27476

CVE-2025-27476 is a Windows Digital Media use-after-free vulnerability that enables local privilege escalation on an affected system. Governance: the initial description confirms local elevation of privileges; connected Microsoft advisories and NVD entries indicate Windows Digital Media is the af...

7.8CVSS7.5AI score0.00555EPSS

Exploits0References1Affected Software9