2183 matches found
CVE-2025-50171
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55234
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.The SMB Server already supports mechanisms for hardening against rel...
CVE-2025-48003
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48800
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48823
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
CVE-2025-48815
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-49669
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49670
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49722
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
CVE-2025-47980
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-47986
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48816
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49659
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
CVE-2025-49663
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49675
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49685
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2025-47976
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47978
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2025-47982
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-47984
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
CVE-2025-47987
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
CVE-2025-48001
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48802
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
CVE-2025-48814
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-48819
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2025-49658
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
CVE-2025-49661
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-49674
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49684
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
CVE-2025-49726
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2025-49730
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVE-2025-49732
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-47985
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
CVE-2025-47999
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2025-48803
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-48805
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
CVE-2025-48806
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
CVE-2025-48820
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48821
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2025-49657
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49660
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
CVE-2025-49664
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
CVE-2025-49666
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
CVE-2025-49668
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49671
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-49678
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2025-49679
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-49682
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-49729
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49733
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.