Windows 11 24h2 Security Vulnerabilities and Issues — Windows 11 24h2 CVE List

Lucene search

MicrosoftWindows 11 24h2

36 matches found

CVE•added 2025/05/13 5:15 p.m.•362 views

CVE-2025-29974

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

5.7CVSS5.6AI score0.00087EPSS

CVE•added 2025/05/13 5:16 p.m.•175 views

CVE-2025-30397

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

7.5CVSS7.5AI score0.20545EPSS

CVE•added 2025/05/13 5:16 p.m.•170 views

CVE-2025-30400

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.0373EPSS

CVE•added 2025/05/13 5:16 p.m.•163 views

CVE-2025-32709

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.8CVSS8AI score0.04268EPSS

CVE•added 2025/05/13 5:16 p.m.•157 views

CVE-2025-32706

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.1367EPSS

CVE•added 2025/05/13 5:16 p.m.•152 views

CVE-2025-32701

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.04229EPSS

CVE•added 2025/05/13 5:15 p.m.•77 views

CVE-2025-29966

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

8.8CVSS8.1AI score0.0017EPSS

CVE•added 2025/05/13 5:15 p.m.•68 views

CVE-2025-29837

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

5.5CVSS6.7AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•65 views

CVE-2025-29971

Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.

7.5CVSS7.4AI score0.00164EPSS

CVE•added 2025/05/13 5:15 p.m.•60 views

CVE-2025-29969

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

7.5CVSS7.6AI score0.00073EPSS

CVE•added 2025/05/13 5:15 p.m.•58 views

CVE-2025-24063

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

7.8CVSS7.8AI score0.00066EPSS

CVE•added 2025/05/13 5:15 p.m.•58 views

CVE-2025-29962

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

8.8CVSS9.1AI score0.00083EPSS

CVE•added 2025/05/13 5:15 p.m.•57 views

CVE-2025-29841

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

7CVSS6.9AI score0.00047EPSS

CVE•added 2025/05/13 5:15 p.m.•56 views

CVE-2025-29964

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

8.8CVSS9.1AI score0.00083EPSS

CVE•added 2025/05/13 5:15 p.m.•54 views

CVE-2025-29967

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

8.8CVSS8.1AI score0.0017EPSS

CVE•added 2025/05/13 5:15 p.m.•53 views

CVE-2025-29842

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

7.5CVSS7.7AI score0.00035EPSS

CVE•added 2025/05/13 5:15 p.m.•52 views

CVE-2025-29833

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.

7.7CVSS7.7AI score0.00046EPSS

CVE•added 2025/05/13 5:15 p.m.•51 views

CVE-2025-29829

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

5.5CVSS6.8AI score0.0014EPSS

CVE•added 2025/05/13 5:15 p.m.•51 views

CVE-2025-29835

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.5AI score0.0009EPSS

CVE•added 2025/05/13 5:15 p.m.•51 views

CVE-2025-29970

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

7.8CVSS8.1AI score0.00066EPSS

CVE•added 2025/05/13 5:16 p.m.•51 views

CVE-2025-30388

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00079EPSS

CVE•added 2025/05/13 5:15 p.m.•50 views

CVE-2025-27468

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

7CVSS7AI score0.00047EPSS

CVE•added 2025/05/13 5:15 p.m.•50 views

CVE-2025-29836

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.5AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•50 views

CVE-2025-29839

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

4CVSS6.6AI score0.00052EPSS

CVE•added 2025/05/13 5:15 p.m.•50 views

CVE-2025-29959

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.4AI score0.00229EPSS

CVE•added 2025/05/13 5:15 p.m.•49 views

CVE-2025-29963

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

8.8CVSS8AI score0.00083EPSS

CVE•added 2025/05/13 5:15 p.m.•48 views

CVE-2025-29960

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.3AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•48 views

CVE-2025-29961

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.3AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•47 views

CVE-2025-29955

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.

6.2CVSS6.5AI score0.00113EPSS

CVE•added 2025/05/13 5:16 p.m.•47 views

CVE-2025-30385

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.00066EPSS

CVE•added 2025/05/13 5:15 p.m.•46 views

CVE-2025-29832

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.5AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•46 views

CVE-2025-29838

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

7.4CVSS7.1AI score0.0006EPSS

CVE•added 2025/05/13 5:15 p.m.•46 views

CVE-2025-29957

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

6.2CVSS7AI score0.0043EPSS

CVE•added 2025/05/13 5:15 p.m.•45 views

CVE-2025-29830

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.9AI score0.00223EPSS

CVE•added 2025/05/13 5:15 p.m.•45 views

CVE-2025-29956

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

5.4CVSS6.7AI score0.00079EPSS

CVE•added 2025/05/13 5:15 p.m.•45 views

CVE-2025-29958

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.6AI score0.00229EPSS