CVE-2025-64658

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Shell allows an authorized attacker to elevate privileges locally...

CVE-2025-62569

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...

(Pwn2Own) oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD...

CVE-2025-64658

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Shell allows an authorized attacker to elevate privileges locally...

CVE-2025-62569

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...

CVE-2025-62469

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...

CVE-2025-62221

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-62455

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

EUVD-2025-202228

Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally...

EUVD-2025-202232

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

EUVD-2025-202249

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

Windows Camera Frame Server Monitor Information Disclosure Vulnerability

Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally...

Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

PT-2025-50188

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An out-of-bounds read issue exists in Microsoft Office Excel. This flaw could allow a remote attacker to execute arbitrary code on the affected system. Recommendations At the...

PT-2025-50157

Name of the Vulnerable Software and Affected Versions Windows Message Queuing affected versions not specified Description A flaw in input validation within Windows Message Queuing can allow a local attacker to gain higher privileges on a system. This issue enables an authorized attacker to elevat...

PT-2025-50159

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An issue exists in the Windows Cloud Files Mini Filter Driver that could allow a local attacker to gain elevated privileges. The issue is an out-of-bounds read condition. This could allow an...

CVE-2025-13876 Rareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversal

A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been...

CVE-2025-20789

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...