3863 matches found
CVE-2025-33063
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-21331
Windows Installer Elevation of Privilege Vulnerability
CVE-2025-29832
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29957
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
CVE-2025-30385
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-48000
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2025-29830
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29958
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-32713
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49691
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-29956
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
CVE-2025-32721
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-33057
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
CVE-2025-48822
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2025-32714
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-32716
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-33058
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-49721
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
CVE-2025-49716
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
CVE-2025-49689
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-48824
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-53766
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2025-49744
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49724
Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
CVE-2025-47971
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-49667
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2025-49683
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
CVE-2025-49753
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-47998
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-47991
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2025-53778
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-48818
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-49686
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2025-47972
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
CVE-2025-48804
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-49723
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
CVE-2025-48003
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48800
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48823
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
CVE-2025-48815
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-49669
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49670
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49722
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
CVE-2025-55234
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.The SMB Server already supports mechanisms for hardening against rel...
CVE-2025-47980
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-47986
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48816
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49659
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
CVE-2025-49663
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49675
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.