21767 matches found
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally...
Remote Desktop Spoofing Vulnerability
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network...
Azure Service Fabric Runtime Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally...
AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue
The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...
Windows Graphics Component Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
Windows SmartScreen Security Feature Bypass Vulnerability
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network...
Microsoft SQL Server Information Disclosure Vulnerability
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network...
Microsoft SharePoint Remote Code Execution Vulnerability
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Microsoft Virtual Hard Disk Remote Code Execution Vulnerability
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally...
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network...
Windows Shell Elevation of Privilege Vulnerability
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally...
Windows Event Tracing Elevation of Privilege Vulnerability
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally...
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network...
HID Class Driver Elevation of Privilege Vulnerability
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally...
Remote Desktop Client Remote Code Execution Vulnerability
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
Windows BitLocker Security Feature Bypass Vulnerability
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
Windows Update Service Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally...
Windows BitLocker Security Feature Bypass Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
Windows Storage VSP Driver Elevation of Privilege Vulnerability
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...
Windows Kerberos Denial of Service Vulnerability
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network...
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally...
Microsoft Configuration Manager Remote Code Execution Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Microsoft SQL Server Remote Code Execution Vulnerability
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network...
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...
Microsoft PC Manager Elevation of Privilege Vulnerability
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...
Microsoft Brokering File System Elevation of Privilege Vulnerability
Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Windows Event Tracing Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally...
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally...
Windows Kernel Information Disclosure Vulnerability
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...
Microsoft Teams Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network...
Windows Notification Elevation of Privilege Vulnerability
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally...
Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network...
GitHub: CVE-2025-48386 Git Credential Helper Vulnerability
CVE-2025-48386 is regarding a vulnerability in Git where the wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending...
GitHub: CVE-2025-48385 Git Protocol Injection Vulnerability
CVE-2025-48385 is regarding a vulnerability in Git where when cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised...
GitHub: CVE-2025-48384 Git Symlink Vulnerability
CVE-2025-48384 is regarding a vulnerability in Git where when reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a...
GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
CVE-2025-27614 is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created th...
Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally...
Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally...
Windows TCP/IP Driver Elevation of Privilege Vulnerability
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...
Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...