1705 matches found
CVE-2023-32016
Technical details about CVE-2023-32016 are not publicly available in the provided connected documents. Monitor for updates from Microsoft and security feeds for affected products, vulnerable components, and fixes.
CVE-2024-43519
CVE-2024-43519 : Microsoft WDAC OLE DB provider for SQL Server is affected by a Remote Code Execution vulnerability. The CVSS v3.1 base score is 8.8 (HIGH); attack vector is NETWORK, with LOW attack complexity and no privileges required, but user interaction is required. The issue stems from the ...
CVE-2017-8695
CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...
CVE-2024-38131
Technical details about CVE-2024-38131 are not publicly provided in the connected documents. The available material lacks product/version/root-cause/remediation specifics. Monitor official advisories/updates for concrete information.
CVE-2024-26180
Technical details about CVE-2024-26180 are not provided in the supplied documents. Monitor for updates from official advisories and affected vendors.
CVE-2024-26189
CVE-2024-26189 is a Secure Boot security feature bypass affecting Windows Secure Boot. The CVE is listed in the Windows Secure Boot table with CVSS v3.1 base score 8.0 (HIGH) and impact described as bypassing security measures. Connected sources corroborate a Secure Boot bypass characterization, ...
CVE-2025-21245
CVE-2025-21245 is a Windows Telephony Service remote code execution vulnerability. The CIRCL feed and CVE listings indicate it affects Windows Telephony Service with potential for executing code from an attacker-supplied payload (impact: execution of arbitrary code) and a CVSS v3.1 base score of ...
CVE-2024-26224
CVE-2024-26224 affects Windows DNS Server and is described as a remote code execution vulnerability. Connected sources (CNVD/NCSC tables) list the impact as allowing execution of arbitrary code or executing random code via the DNS service, with CVSS-like references around 7.2 (HIGH) impact, netwo...
CVE-2024-26250
CVE-2024-26250 is a Windows Secure Boot vulnerability categorized as a circumvention of security measures. The connected advisory (NCSC) lists CVE-2024-26250 under the Windows Secure Boot section with that impact. The available documents do not provide product version ranges or exact vulnerable c...
CVE-2024-28899
Technical details for CVE-2024-28899 are not publicly available in the provided documents. No affected products, root cause, exploit info, or remediation are specified here; monitor for updates.
CVE-2025-21417
CVE-2025-21417 is a Windows Telephony Service remote code execution vulnerability. CIRCL confirms the CVE with a high impact (CVSS 8.80, Execute code) within Windows Telephony Service; CNVD describes a remote code execution vulnerability in Windows Telephony Server. Microsoft has public security ...
CVE-2017-0277
CVE-2017-0277 describes a remote code execution vulnerability in the Microsoft Windows SMBv1 server. The SMBv1 service on affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Windows 10 1511/1607/1703, Windows Server 2...
CVE-2017-0016
CVE-2017-0016 affects multiple Windows versions (Windows 10, 8.1, RT 8.1, Server 2012R2/2016) where SMBv2/v3 packet handling in the Server service is flawed, enabling a remote attacker to potentially cause a crash or execute arbitrary code via a crafted SMB request. The issue is tied to SMBv2/SMB...
CVE-2024-26220
CVE-2024-26220 affects Windows Mobile Hotspot and is described as an Information Disclosure vulnerability. The connected NCSC advisory lists CVE-2024-26220 with impact: Access to sensitive data and a CVSS v3.1 base score of 5.0 (Medium). No root-cause, affected build versions, or remediation deta...
CVE-2024-26233
CVE-2024-26233 is a Windows DNS Server remote code execution vulnerability. Connected sources confirm Microsoft DNS Server vulnerability with remote code execution impact; no full technical root-cause details are provided in the supplied documents. Public exploits are indicated by at least one co...
CVE-2024-26240
CVE-2024-26240 is a Windows Secure Boot vulnerability rated CVSS v3.1 base score 8.0 (AV: Adjacent, AC: Low, PR: None, UI: Required, S: Unchanged, C/I/A: High). The connected documents corroborate that this CVE involves bypassing or circumvention of Secure Boot security measures, with explicit no...
CVE-2024-49046
CVE-2024-49046 affects the Windows Win32 Kernel Subsystem and is categorized as an Elevation of Privilege vulnerability. The CVSS 3.1 vector indicates LOCAL exploitability with LOW attack complexity and LOW privileges required, but HIGH impact to confidentiality, integrity, and availability under...
CVE-2016-7212
CVE-2016-7212 affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, 10 up to 1607, and Server 2016) where a crafted image file can lead to remote code execution. Root cause: improper handling in the Windows image load feature. Impact is remote cod...
CVE-2020-1561
CVE-2020-1561 is a remote code execution in Microsoft Graphics Components caused by how objects are handled in memory. Trigger requires opening a specially crafted file. A security update fixes the memory handling to address the vulnerability. Connected sources note CVE-2020-1561 among Microsoft ...
CVE-2017-0161
CVE-2017-0161 is a Windows NetBT Session Services vulnerability described as a race condition when NetBT fails to maintain certain sequencing requirements, enabling a remote code execution in affected Windows releases. The CVE is present in Windows 7/8.1/10 and server SKUs listed in the initial d...
CVE-2024-26221
Technical details about CVE-2024-26221 are not publicly provided in the supplied documents. Monitor for updates from official advisories; current sources list the vulnerability as Windows DNS Server RCE, but no affected version/patch details are included here.
CVE-2024-26226
CVE-2024-26226 is a Windows DFS information disclosure vulnerability. The initial entry confirms the flaw affects Windows DFS and can lead to exposure of sensitive data (cconf. impact). The connected materials show related Windows security updates (KB5036896, KB5036899, KB5036922) addressing secu...
CVE-2024-26231
Technical details about CVE-2024-26231 are not publicly provided in the supplied connected documents. No affected products, versions, or fixes are specified. Monitor official sources for updates.
CVE-2024-30027
CVE-2024-30027 corresponds to an NTFS Elevation of Privilege vulnerability. Affected component: Windows NTFS (elevates privileges locally). Root cause details are not explicitly stated in the provided documents beyond the NTFS elevation claim. CVSS v3.1 base metrics indicate a High impact (7.8) w...
CVE-2024-30098
CVE-2024-30098 is referenced in multiple October 2025 Windows security updates (KB5066791, KB5066835, KB5066793, KB5066780, KB5066836, etc.). The connected documents describe a cryptographic hardening change: moving RSA-based smart card certificates from Cryptographic Service Provider (CSP) to Ke...
CVE-2025-21273
Technical details are not publicly provided in the supplied documents. The CVE-2025-21273 entry lacks explicit affected product versions, root cause, or remediation specifics in this set; monitor for updates from Microsoft/MSRC.
CVE-2017-0158
CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...
CVE-2024-20669
CVE-2024-20669 affects Microsoft Windows Secure Boot. It is a Local, High-Privilege vulnerability classed as a Secure Boot security feature bypass with a CVSS v3.1 base score of 6.7 (Impact: Confidentiality, Integrity, and Availability High). Connected sources confirm Windows Secure Boot-related ...
CVE-2024-26175
CVE-2024-26175 is a local-bypass vulnerability in Windows Secure Boot, enabling bypass of the Secure Boot security feature. Affected component: Windows Secure Boot. Root cause: security-measure bypass integrated into Secure Boot; the CVSSv3.1 base metrics indicate a High severity (7.8) with Local...
CVE-2024-26227
CVE-2024-26227 is a Windows DNS Server remote code execution vulnerability. The vulnerability affects Microsoft Windows DNS Server and is described in multiple sources as a remote code execution risk with network attack vector and high impact. Connected documents indicate that public exploits exi...
CVE-2024-49105
CVE-2024-49105 affects the Windows Remote Desktop Client. It enables remote code execution over the network; exploitation requires user interaction and high privileges, with high impacts to confidentiality, integrity, and availability. CVSS v3.1 base score 8.4 (Network, Low attack complexity, Pri...
CVE-2025-21211
Technical details about CVE-2025-21211 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; no confirmed affected products, vectors, or fixes are described here.
CVE-2025-21310
Technical details for CVE-2025-21310 are not publicly available in the provided documents. Monitor for updates from Microsoft and NVD.
CVE-2024-26241
CVE-2024-26241 is a Win32k elevation-of-privilege vulnerability in Windows. The OpenVAS entries list Win32K as the affected component with local exploitation, requiring low privileges and no user interaction, and causing high confidentiality, integrity, and availability impact. The CVSSv3.1 base ...
CVE-2024-38033
Technical details about CVE-2024-38033 are not provided in the supplied documents. Monitor for updates from Microsoft and vulnerability feeds for affected products, versions, and fixes.
CVE-2024-38159
CVE-2024-38159 affects Windows Network Virtualization. The vulnerability enables remote code execution over the network with high privileges required and no user interaction, reflected by CVSSv3.1: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (base 9.1). Microsoft and partners indicate updates exist to fi...
CVE-2024-38257
CVE-2024-38257 affects the Windows AllJoyn API, described as an Information Disclosure vulnerability. The CVSS vector indicates network access with no user interaction, low attack complexity, and no privileges required, with confidentiality impact high and other impacts none. Connected sources co...
CVE-2025-21260
Technical details about CVE-2025-21260 are not publicly provided in the connected documents. Monitor for updates from Microsoft and CVE sources for affected components, impact, and remediation.
CVE-2023-29359
Technical details about CVE-2023-29359 are not provided in the connected documents. The entries identify a GDI Elevation of Privilege vulnerability but do not specify affected products/versions, root cause, impact specifics, or remediation.
CVE-2024-26222
CVE-2024-26222 is a Windows DNS Server Remote Code Execution Vulnerability. Public docs identify affected software as Windows DNS Server and describe an RCE risk exploitable over the network with no user interaction. The NVD/Microsoft entries list a base score around 6.6–7.2 (MEDIUM–HIGH) and not...
CVE-2024-49120
Technical details for CVE-2024-49120 are not publicly available in the provided documents. Monitor for updates from Microsoft and security advisories; this dataset does not disclose affected products, vectors, or fixes.
CVE-2026-33828
CVE-2026-33828 affects Windows Device Health Attestation (DHA). The vulnerability is a trust boundary violation in Windows Attestation that allows an authorized local attacker to elevate privileges. CVSS v3.1 base metrics indicate high impact to confidentiality, integrity, and availability with l...
CVE-2024-26223
CVE-2024-26223 affects Windows DNS Server with a remote code execution vulnerability. According to the provided data, it is network‑accessible (AV:N) with high attack complexity (AC:H) and requires high privileges (PR:H); no user interaction is needed (UI:N). The impact is rated high for confiden...
CVE-2025-26645
CVE-2025-26645 affects the Windows Remote Desktop Client. The vulnerability is a relative path traversal in the Remote Desktop Client that allows an unauthenticated attacker to execute code over the network. According to the published metrics, the exploit requires network access with low attack c...
CVE-2017-8565
CVE-2017-8565 is a Windows PowerShell remote code execution vulnerability triggered when PSObject wraps a CIM Instance. Connected sources describe in detail that deserialization via PSObject, LosFormatter, ObjectStateFormatter (and related gadget chains) can enable remote code execution in PowerS...
CVE-2024-38140
CVE-2024-38140 is a Windows RMCAST (Reliable Multicast Transport Driver) remote code execution vulnerability rated CRITICAL (CVSS 3.1: 9.8). The entry indicates an in-network attacker could remotely execute arbitrary code, with no privileges required and no user interaction, under the RMCAST comp...
CVE-2024-49080
CVE-2024-49080 affects Windows IP Routing Management Snapin and is a remote code execution vulnerability. According to the Initial document, it has CVSS 3.1 base metrics: Network attack vector, low attack complexity, low privileges required, no user interaction, with impacts on confidentiality, i...
CVE-2025-21329
CVE-2025-21329 is a MapUrlToZone Security Feature Bypass in Windows. Public docs identify it as a bypass of a security feature (CVE-2025-21329) with CVSS v3.1 base metrics indicating NETWORK attack vector, low attack complexity, no privileges required, user interaction required, and a MEDIUM seve...
CVE-2017-0038
The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...
CVE-2024-38041
CVE-2024-38041 is a Windows Kernel information disclosure vulnerability. The connected sources confirm the affected component as Windows Kernel with impact on confidentiality (C:H) and local attack vector (AV:L) with low attack complexity (AC:L) and no user interaction (UI:N). Privileges required...