1374 matches found
CVE-2025-30397
CVE-2025-30397 is a memory-corruption/Use-After-Free style vulnerability in the Microsoft Scripting Engine (jscript.dll) that enables remote code execution via specially crafted web content. The CVE’s affected component is the JScript/Windows Scripting Engine, with an attack vector over the netwo...
CVE-2026-42904
CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...
CVE-2025-21413
CVE-2025-21413 is a Windows Telephony Service remote code execution vulnerability. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates network access, no privileges, user interaction required, with high impact to confidentiality, integrity, and availability. Connected sources conf...
CVE-2025-21230
CVE-2025-21230 is a Denial-of-Service vulnerability in Microsoft Message Queuing (MSMQ). Connected CNVD entries explicitly describe a vulnerability in MSMQ that can be exploited to cause a DoS on the system, aligning with the CVSS vector in the CVE entry (Network, Privileges=None, User interactio...
CVE-2024-43639
CVE-2024-43639 is a Windows Kerberos KDC Proxy Remote Code Execution vulnerability. Documents identify it as a Kerberos-related RCE affecting Windows Kerberos/KDC components, with CVSS v3.1 base score 9.8 (NETWORK, HIGH impact on confidentiality, integrity and availability; no user interaction). ...
CVE-2025-21179
CVE-2025-21179 is a Windows DHCP Client Service Denial of Service vulnerability. Public details in the provided documents identify the vulnerability as affecting the Windows DHCP Client component and causing DoS, but the exact root cause, affected product versions, and exploit details are not spe...
CVE-2025-32701
CVE-2025-32701 is a Windows CLFS driver use-after-free vulnerability that can allow an authorized attacker to elevate privileges locally. The weakness affects the Windows Common Log File System Driver and has a base CVSS v3.1 score of 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, an...
CVE-2025-32709
CVE-2025-32709 is a local privilege-escalation due to a use-after-free in the Windows Ancillary Function Driver for WinSock (AFD) . Affected component: AFD in Windows networking stack. Root cause: use-after-free leading to arbitrary/privilege escalation. Impact: local elevation to administrator a...
CVE-2025-32706
CVE-2025-32706 is an elevation-of-privilege flaw in Windows CLFS Driver (heap-based buffer overflow) that enables local privilege escalation. Affected product: Windows Common Log File System Driver. Base CVSS v3.1: 7.8 (HIGH); attack vector LOCAL, requires LOW privileges, no user interaction. Pub...
CVE-2026-45602
Technical details (affected product versions, root cause, exploit specifics, and remediation) are not publicly available in the provided documents. Monitor for updates from NVD and CVE List for CVE-2026-45602.
CVE-2024-49084
CVE-2024-49084 is a Windows Kernel elevation-of-privilege issue (Windows Kernel). The connected sources list it under Windows Kernel with a CVSS v3.1 base score of 7.0 (local attack vector, high impact across confidentiality, integrity, and availability) and indicate the vulnerability allows obta...
CVE-2025-21204
CVE-2025-21204 affects Windows Update Stack with improper link resolution before file access, enabling local privilege elevation for an authenticated user. Public documentation confirms the vulnerability and that Microsoft released fixes as part of April 2025 updates; patches include OS updates t...
CVE-2026-42992
CVE-2026-42992 describes a heap-based buffer overflow in the Remote Desktop Client that could allow an unauthenticated attacker to execute code over the network. The vulnerability affects the Remote Desktop Client as described across multiple sources (NVD, CVE listings, and Microsoft’s advisory)....
CVE-2025-21263
Technical details for CVE-2025-21263 are not publicly provided in the supplied connected documents. The materials reference Windows Digital Media Elevation of Privilege vulnerability but do not describe affected components, root cause, impact specifics, or fixes. Monitor updates from official sou...
CVE-2025-24076
CVE-2025-24076 affects the Windows Cross Device Service, enabling local privilege escalation via improper access control. Public material confirms a local, low-privilege attacker can escalate to SYSTEM by exploiting DLL handling in the Cross Device Service (e.g., by replacing CrossDevice.Streamin...
CVE-2025-21302
CVE-2025-21302 is a Windows Telephony Service Remote Code Execution vulnerability. The CVSS 3.1 base score is 8.8 (HIGH) with network access, low attack complexity, no privileges required, and user interaction required; impacts include confidentiality, integrity, and availability. The vulnerabili...
CVE-2026-56155
CVE-2026-56155 affects Active Directory Federation Services (AD FS) with insufficient granularity in access control, enabling an authorized local attacker to escalate privileges. Documents indicate a Privilege Escalation impact and note updates have been released by Microsoft to address the vulne...
CVE-2024-49082
CVE-2024-49082 is a Windows File Explorer information disclosure vulnerability. The connected data lists impact as access to sensitive data with CVSS 3.1 v3.1 vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N, score 6.8 (Medium). Concrete details about root cause or affected Windows versions are not fu...
CVE-2025-27480
CVE-2025-27480 is described as a Remote Desktop Services/RDP remote code execution vulnerability with a network attack vector (no user interaction) and a base CVSS v3.1 score of 8.1 (HIGH). Public references include a GitHub exploit claiming a remote code execution path and Krebs-style coverage p...
CVE-2026-48576
CVE-2026-48576 is a Windows Secure Boot vulnerability described as a protection mechanism failure enabling a local attacker with high privileges to bypass a security feature. The available documents specify a local attack vector with low complexity and no user interaction, and a base CVSS 3.1 sco...
CVE-2024-49115
CVE-2024-49115 is a vulnerability in Windows Remote Desktop Services that enables remote code execution. The connected documents indicate an impact of code execution with high severity (CVSS-like values around 8+ in vendor/intelligence summaries) and publicly referenced exploit potential, with re...
CVE-2025-21351
CVE-2025-21351 is a Windows AD DS API Denial of Service vulnerability. The initial record notes a network‑vector DoS impacting AD DS APIs with a CVSS v3.1 base score of 7.5 (HIGH) and no user interaction required. Connected documents indicate Microsoft has released updates addressing vulnerabilit...
CVE-2026-45586
Technical details (affected product/component, root cause, impact, versions, or exploit information) are not publicly available in the provided documents. Monitor for updates.
CVE-2024-43625
CVE-2024-43625 is a Microsoft Windows VMSwitch elevation-of-privilege vulnerability (CVSSv3.1: 8.1, LOCAL, no user interaction). Affected component is the Windows VMSwitch; the exposed impact is potential total compromise with high confidentiality, integrity, and availability impact. Publicly dis...
CVE-2025-21341
Technical details for CVE-2025-21341 are not provided in the supplied documents. Public disclosures describe it as Windows Digital Media Elevation of Privilege, but no specifics on vulnerable component, versions, exploit or fix are included. Monitor for updates.
CVE-2024-49132
CVE-2024-49132 affects Windows Remote Desktop Services and is a remote code execution vulnerability exploitable over the network (attack vector: network; no privileges required; user interaction not needed). The CVSSv3.1 base score is 8.1 (HIGH) with high impact on confidentiality, integrity, and...
CVE-2024-49128
CVE-2024-49128 describes a vulnerability in Windows Remote Desktop Services where sensitive data is stored in improperly locked memory. This can allow an unauthenticated, network-based attacker to execute code remotely. The CVSS 3.1 vector provided indicates network access as the attack vector, h...
CVE-2025-21327
CVE-2025-21327 is a Windows Digital Media elevation-of-privilege vulnerability. The CVSS3.1 base vector indicates physical access required, low attack complexity and low privileges, with high impact on confidentiality, integrity, and availability (base score 6.6, medium). The connected data confi...
CVE-2026-33829
CVE-2026-33829 concerns the Windows Snipping Tool and is assigned a CVSSv3.1 base score of 4.3 (Medium). The vulnerability is described with a network attack vector but requires user interaction and does not affect integrity or availability, with confidentiality impact listed as Low. The metric i...
CVE-2026-45585
CVE-2026-45585 concerns a Windows security feature bypass publicly referred to as “YellowKey.” The CVE entry notes a mitigation path provided by Microsoft to protect against the vulnerability until an update is released. The CVSSv3.1 metrics indicate a MEDIUM base score (6.8) with physical attack...
CVE-2025-21377
Technical details for CVE-2025-21377 are not publicly provided in the supplied documents. No affected products, root cause, impact, or remediation are specified here. Monitor for updates in the connected feeds.
CVE-2025-24035
CVE-2025-24035 affects Windows Remote Desktop Services. The connected data corroborates a remote code execution risk over a network, arising from memory handling (sensitive data stored in improperly locked memory). The impact is described as executing arbitrary code, with the network as the attac...
CVE-2025-21245
CVE-2025-21245 is a Windows Telephony Service remote code execution vulnerability. The CIRCL feed and CVE listings indicate it affects Windows Telephony Service with potential for executing code from an attacker-supplied payload (impact: execution of arbitrary code) and a CVSS v3.1 base score of ...
CVE-2025-21311
CVE-2025-21311 is a Windows NTLMv1 Elevation of Privilege vulnerability. Affected product: Windows NTLM V1. The issue is remotely exploitable over the network with no user interaction required and can lead to a complete compromise of the target (CVSS v3.1: 9.8, Confidentiality, Integrity and Avai...
CVE-2025-21417
CVE-2025-21417 is a Windows Telephony Service remote code execution vulnerability. CIRCL confirms the CVE with a high impact (CVSS 8.80, Execute code) within Windows Telephony Service; CNVD describes a remote code execution vulnerability in Windows Telephony Server. Microsoft has public security ...
CVE-2025-48799
CVE-2025-48799 is an Elevation of Privilege flaw in Windows Update Service (wuauserv) described as: improper link resolution before file access ('link following') can allow an authorized local attacker to elevate to NT AUTHORITY\SYSTEM when Windows 10/11 systems have at least two drives and Stora...
CVE-2024-49046
CVE-2024-49046 affects the Windows Win32 Kernel Subsystem and is categorized as an Elevation of Privilege vulnerability. The CVSS 3.1 vector indicates LOCAL exploitability with LOW attack complexity and LOW privileges required, but HIGH impact to confidentiality, integrity, and availability under...
CVE-2025-21325
CVE-2025-21325 is described as a Windows Secure Kernel Mode Elevation of Privilege vulnerability. The provided data include a CVSS 3.1 vector indicating a local, low-complexity attack requiring low privileges with no user interaction, and impact to confidentiality, integrity, and availability rat...
CVE-2025-21273
Technical details are not publicly provided in the supplied documents. The CVE-2025-21273 entry lacks explicit affected product versions, root cause, or remediation specifics in this set; monitor for updates from Microsoft/MSRC.
CVE-2024-49105
CVE-2024-49105 affects the Windows Remote Desktop Client. It enables remote code execution over the network; exploitation requires user interaction and high privileges, with high impacts to confidentiality, integrity, and availability. CVSS v3.1 base score 8.4 (Network, Low attack complexity, Pri...
CVE-2025-21211
Technical details about CVE-2025-21211 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; no confirmed affected products, vectors, or fixes are described here.
CVE-2025-21310
Technical details for CVE-2025-21310 are not publicly available in the provided documents. Monitor for updates from Microsoft and NVD.
CVE-2025-21275
Technical details about CVE-2025-21275 (Windows App Package Installer Elevation of Privilege) are not provided in the supplied documents. Public specifics on affected product/version/root cause/impact/fix are not available here; monitor for authoritative updates from Microsoft/CVE records.
CVE-2025-21260
Technical details about CVE-2025-21260 are not publicly provided in the connected documents. Monitor for updates from Microsoft and CVE sources for affected components, impact, and remediation.
CVE-2024-49120
Technical details for CVE-2024-49120 are not publicly available in the provided documents. Monitor for updates from Microsoft and security advisories; this dataset does not disclose affected products, vectors, or fixes.
CVE-2025-50165
CVE-2025-50165 targets the Windows/Microsoft Graphics Component through an untrusted pointer dereference in JPEG decoding, enabling remote code execution. Exploitation relies on specially crafted images (e.g., JPEG metadata segments) to trigger code execution without user interaction on affected ...
CVE-2025-21329
CVE-2025-21329 is a MapUrlToZone Security Feature Bypass in Windows. Public docs identify it as a bypass of a security feature (CVE-2025-21329) with CVSS v3.1 base metrics indicating NETWORK attack vector, low attack complexity, no privileges required, user interaction required, and a MEDIUM seve...
CVE-2024-49080
CVE-2024-49080 affects Windows IP Routing Management Snapin and is a remote code execution vulnerability. According to the Initial document, it has CVSS 3.1 base metrics: Network attack vector, low attack complexity, low privileges required, no user interaction, with impacts on confidentiality, i...
CVE-2025-21369
CVE-2025-21369 is listed by the NCSC advisory as a vulnerability in Microsoft Windows’ Digest Authentication that enables executing arbitrary code. The advisory attributes an overall high severity (CVSS v3.1 base 8.80) with a network attack vector and impact. The connected document confirms the v...
CVE-2025-21419
CVE-2025-21419 is a Windows Setup cleanup vulnerability that enables local elevation of privilege. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) indicates an attacker with low privileges and local access can achieve high integrity and availability impact, without user interaction. The...