CVE-2025-29842

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-47981

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

CVE-2017-8712

The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID i...

CVE-2025-21389

Windows upnphost.dll Denial of Service Vulnerability

CVE-2025-29833

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.

CVE-2025-49740

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

CVE-2016-7258

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."

CVE-2017-8623

Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

CVE-2017-8702

Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability".

CVE-2025-24065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-27468

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

CVE-2025-29829

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

CVE-2025-29835

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29836

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-32718

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

CVE-2025-32719

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-29839

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

CVE-2025-29959

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-33063

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2017-8692

The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Executi...

CVE-2025-29960

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-48817

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-21331

Windows Installer Elevation of Privilege Vulnerability

CVE-2025-29961

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29968

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.

CVE-2025-32713

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-29832

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29957

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

CVE-2025-30385

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-32721

Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-33057

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

CVE-2025-48000

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVE-2025-49691

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

CVE-2025-29830

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29958

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-32716

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2025-33058

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-48822

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2025-50154

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-29956

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

CVE-2025-32714

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2025-49721

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

CVE-2025-47973

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

CVE-2025-48824

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-49689

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

CVE-2025-49735

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

CVE-2025-49760

External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.

CVE-2025-47971

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

CVE-2025-49683

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

CVE-2025-49716

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.