NTLM Hash Disclosure Spoofing Vulnerability
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network...
Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
CVE-2025-2884 concerns a vulnerability in the TCG TPM2.0 reference implementation's CryptHmacSign helper function, which is vulnerable to an out-of-bounds read due to the lack of validation of the signature scheme against the signature key's algorithm. CERT/CC created this CVE on their behalf. The documente...
Windows Health and Optimized Experiences Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally...
Microsoft PowerPoint Remote Code Execution Vulnerability
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally...
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...
Microsoft Office Denial of Service Vulnerability
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally...
Microsoft Office Visio Remote Code Execution Vulnerability
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally...
Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Microsoft Windows File Explorer Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network...
Configuration Manager Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network...
Windows Push Notification Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Windows MapUrlToZone Information Disclosure Vulnerability
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network...
Windows Graphics Component Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
Windows State Repository API Server File Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally...
Windows Search Service Denial of Service Vulnerability
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally...
Windows ETL Channel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally...
Windows Kernel Elevation of Privilege Vulnerability
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally...
Windows Management Services Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally...
Storport.sys Driver Elevation of Privilege Vulnerability
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally...
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
Microsoft Failover Cluster Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally...
Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally...
Windows Kernel Elevation of Privilege Vulnerability
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally...
Storage Spaces Direct Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally...
Microsoft Windows File Explorer Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network...
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
Remote Desktop Protocol Remote Code Execution Vulnerability
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally...
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
Windows Local Session Manager (LSM) Denial of Service Vulnerability
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network...
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally...
Windows SMB Server Elevation of Privilege Vulnerability
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network...
Windows COM+ Event System Service Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally...
Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
Remote Desktop Client Remote Code Execution Vulnerability
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
Windows Cryptographic Services Information Disclosure Vulnerability
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
DirectX Graphics Kernel Denial of Service Vulnerability
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network...
Azure Local Elevation of Privilege Vulnerability
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally...
Windows Kernel Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally...
Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally...
NtQueryInformationToken function (ntifs.h) Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in NtQueryInformationToken function (ntifs.h) allows an authorized attacker to elevate privileges locally...