Lucene search
+L
MicrosoftWindows Server 2025*

1374 matches found

CVE
CVE
added 2025/05/13 4:59 p.m.263 views

CVE-2025-30397

CVE-2025-30397 is a memory-corruption/Use-After-Free style vulnerability in the Microsoft Scripting Engine (jscript.dll) that enables remote code execution via specially crafted web content. The CVE’s affected component is the JScript/Windows Scripting Engine, with an attack vector over the netwo...

7.5CVSS7.5AI score0.21228EPSS
In wild
CVE
CVE
added 2026/06/09 5:5 p.m.260 views

CVE-2026-42904

CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...

9.6CVSS5.8AI score0.00438EPSS
CVE
CVE
added 2025/01/14 6:3 p.m.250 views

CVE-2025-21413

CVE-2025-21413 is a Windows Telephony Service remote code execution vulnerability. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates network access, no privileges, user interaction required, with high impact to confidentiality, integrity, and availability. Connected sources conf...

8.8CVSS9AI score0.01086EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.243 views

CVE-2025-21230

CVE-2025-21230 is a Denial-of-Service vulnerability in Microsoft Message Queuing (MSMQ). Connected CNVD entries explicitly describe a vulnerability in MSMQ that can be exploited to cause a DoS on the system, aligning with the CVSS vector in the CVE entry (Network, Privileges=None, User interactio...

7.5CVSS7.4AI score0.02634EPSS
CVE
CVE
added 2024/11/12 5:54 p.m.230 views

CVE-2024-43639

CVE-2024-43639 is a Windows Kerberos KDC Proxy Remote Code Execution vulnerability. Documents identify it as a Kerberos-related RCE affecting Windows Kerberos/KDC components, with CVSS v3.1 base score 9.8 (NETWORK, HIGH impact on confidentiality, integrity and availability; no user interaction). ...

9.8CVSS9.6AI score0.08749EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.229 views

CVE-2025-21179

CVE-2025-21179 is a Windows DHCP Client Service Denial of Service vulnerability. Public details in the provided documents identify the vulnerability as affecting the Windows DHCP Client component and causing DoS, but the exact root cause, affected product versions, and exploit details are not spe...

4.8CVSS5.9AI score0.00726EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.229 views

CVE-2025-32701

CVE-2025-32701 is a Windows CLFS driver use-after-free vulnerability that can allow an authorized attacker to elevate privileges locally. The weakness affects the Windows Common Log File System Driver and has a base CVSS v3.1 score of 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, an...

7.8CVSS7.5AI score0.01291EPSS
In wild
CVE
CVE
added 2025/05/13 4:58 p.m.227 views

CVE-2025-32709

CVE-2025-32709 is a local privilege-escalation due to a use-after-free in the Windows Ancillary Function Driver for WinSock (AFD) . Affected component: AFD in Windows networking stack. Root cause: use-after-free leading to arbitrary/privilege escalation. Impact: local elevation to administrator a...

7.8CVSS8.4AI score0.01658EPSS
In wild
CVE
CVE
added 2025/05/13 4:58 p.m.224 views

CVE-2025-32706

CVE-2025-32706 is an elevation-of-privilege flaw in Windows CLFS Driver (heap-based buffer overflow) that enables local privilege escalation. Affected product: Windows Common Log File System Driver. Base CVSS v3.1: 7.8 (HIGH); attack vector LOCAL, requires LOW privileges, no user interaction. Pub...

7.8CVSS7.6AI score0.02129EPSS
In wild
CVE
CVE
added 2026/06/09 5:5 p.m.223 views

CVE-2026-45602

Technical details (affected product versions, root cause, exploit specifics, and remediation) are not publicly available in the provided documents. Monitor for updates from NVD and CVE List for CVE-2026-45602.

9.1CVSS5.4AI score0.00366EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.207 views

CVE-2024-49084

CVE-2024-49084 is a Windows Kernel elevation-of-privilege issue (Windows Kernel). The connected sources list it under Windows Kernel with a CVSS v3.1 base score of 7.0 (local attack vector, high impact across confidentiality, integrity, and availability) and indicate the vulnerability allows obta...

7CVSS6.9AI score0.00434EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.206 views

CVE-2025-21204

CVE-2025-21204 affects Windows Update Stack with improper link resolution before file access, enabling local privilege elevation for an authenticated user. Public documentation confirms the vulnerability and that Microsoft released fixes as part of April 2025 updates; patches include OS updates t...

7.8CVSS7.1AI score0.06776EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.204 views

CVE-2026-42992

CVE-2026-42992 describes a heap-based buffer overflow in the Remote Desktop Client that could allow an unauthenticated attacker to execute code over the network. The vulnerability affects the Remote Desktop Client as described across multiple sources (NVD, CVE listings, and Microsoft’s advisory)....

7.5CVSS6AI score0.00461EPSS
CVE
CVE
added 2025/01/14 6:3 p.m.198 views

CVE-2025-21263

Technical details for CVE-2025-21263 are not publicly provided in the supplied connected documents. The materials reference Windows Digital Media Elevation of Privilege vulnerability but do not describe affected components, root cause, impact specifics, or fixes. Monitor updates from official sou...

6.6CVSS6.5AI score0.00744EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.198 views

CVE-2025-24076

CVE-2025-24076 affects the Windows Cross Device Service, enabling local privilege escalation via improper access control. Public material confirms a local, low-privilege attacker can escalate to SYSTEM by exploiting DLL handling in the Cross Device Service (e.g., by replacing CrossDevice.Streamin...

7.3CVSS7.2AI score0.03035EPSS
CVE
CVE
added 2025/01/14 6:3 p.m.197 views

CVE-2025-21302

CVE-2025-21302 is a Windows Telephony Service Remote Code Execution vulnerability. The CVSS 3.1 base score is 8.8 (HIGH) with network access, low attack complexity, no privileges required, and user interaction required; impacts include confidentiality, integrity, and availability. The vulnerabili...

8.8CVSS9AI score0.01388EPSS
CVE
CVE
added 4 days ago197 views

CVE-2026-56155

CVE-2026-56155 affects Active Directory Federation Services (AD FS) with insufficient granularity in access control, enabling an authorized local attacker to escalate privileges. Documents indicate a Privilege Escalation impact and note updates have been released by Microsoft to address the vulne...

7.8CVSS6AI score0.00379EPSS
In wild
CVE
CVE
added 2024/12/10 5:49 p.m.188 views

CVE-2024-49082

CVE-2024-49082 is a Windows File Explorer information disclosure vulnerability. The connected data lists impact as access to sensitive data with CVSS 3.1 v3.1 vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N, score 6.8 (Medium). Concrete details about root cause or affected Windows versions are not fu...

6.8CVSS6.4AI score0.01569EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.188 views

CVE-2025-27480

CVE-2025-27480 is described as a Remote Desktop Services/RDP remote code execution vulnerability with a network attack vector (no user interaction) and a base CVSS v3.1 score of 8.1 (HIGH). Public references include a GitHub exploit claiming a remote code execution path and Krebs-style coverage p...

8.1CVSS8AI score0.09617EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.186 views

CVE-2026-48576

CVE-2026-48576 is a Windows Secure Boot vulnerability described as a protection mechanism failure enabling a local attacker with high privileges to bypass a security feature. The available documents specify a local attack vector with low complexity and no user interaction, and a base CVSS 3.1 sco...

7.9CVSS7.1AI score0.01028EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.185 views

CVE-2024-49115

CVE-2024-49115 is a vulnerability in Windows Remote Desktop Services that enables remote code execution. The connected documents indicate an impact of code execution with high severity (CVSS-like values around 8+ in vendor/intelligence summaries) and publicly referenced exploit potential, with re...

8.1CVSS8.3AI score0.01098EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.185 views

CVE-2025-21351

CVE-2025-21351 is a Windows AD DS API Denial of Service vulnerability. The initial record notes a network‑vector DoS impacting AD DS APIs with a CVSS v3.1 base score of 7.5 (HIGH) and no user interaction required. Connected documents indicate Microsoft has released updates addressing vulnerabilit...

7.5CVSS7.9AI score0.02385EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.183 views

CVE-2026-45586

Technical details (affected product/component, root cause, impact, versions, or exploit information) are not publicly available in the provided documents. Monitor for updates.

7.8CVSS5.4AI score0.03028EPSS
CVE
CVE
added 2024/11/12 5:53 p.m.179 views

CVE-2024-43625

CVE-2024-43625 is a Microsoft Windows VMSwitch elevation-of-privilege vulnerability (CVSSv3.1: 8.1, LOCAL, no user interaction). Affected component is the Windows VMSwitch; the exposed impact is potential total compromise with high confidentiality, integrity, and availability impact. Publicly dis...

8.1CVSS7.9AI score0.00661EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.178 views

CVE-2025-21341

Technical details for CVE-2025-21341 are not provided in the supplied documents. Public disclosures describe it as Windows Digital Media Elevation of Privilege, but no specifics on vulnerable component, versions, exploit or fix are included. Monitor for updates.

6.6CVSS6.5AI score0.00684EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.175 views

CVE-2024-49132

CVE-2024-49132 affects Windows Remote Desktop Services and is a remote code execution vulnerability exploitable over the network (attack vector: network; no privileges required; user interaction not needed). The CVSSv3.1 base score is 8.1 (HIGH) with high impact on confidentiality, integrity, and...

8.1CVSS8.2AI score0.01079EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.174 views

CVE-2024-49128

CVE-2024-49128 describes a vulnerability in Windows Remote Desktop Services where sensitive data is stored in improperly locked memory. This can allow an unauthenticated, network-based attacker to execute code remotely. The CVSS 3.1 vector provided indicates network access as the attack vector, h...

8.1CVSS8.9AI score0.01154EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.171 views

CVE-2025-21327

CVE-2025-21327 is a Windows Digital Media elevation-of-privilege vulnerability. The CVSS3.1 base vector indicates physical access required, low attack complexity and low privileges, with high impact on confidentiality, integrity, and availability (base score 6.6, medium). The connected data confi...

6.6CVSS6.5AI score0.00744EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.171 views

CVE-2026-33829

CVE-2026-33829 concerns the Windows Snipping Tool and is assigned a CVSSv3.1 base score of 4.3 (Medium). The vulnerability is described with a network attack vector but requires user interaction and does not affect integrity or availability, with confidentiality impact listed as Low. The metric i...

4.3CVSS5.8AI score0.03447EPSS
Web
CVE
CVE
added 2026/05/19 11:30 p.m.169 views

CVE-2026-45585

CVE-2026-45585 concerns a Windows security feature bypass publicly referred to as “YellowKey.” The CVE entry notes a mitigation path provided by Microsoft to protect against the vulnerability until an update is released. The CVSSv3.1 metrics indicate a MEDIUM base score (6.8) with physical attack...

6.8CVSS5.9AI score0.01249EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.168 views

CVE-2025-21377

Technical details for CVE-2025-21377 are not publicly provided in the supplied documents. No affected products, root cause, impact, or remediation are specified here. Monitor for updates in the connected feeds.

6.5CVSS7.4AI score0.23168EPSS
CVE
CVE
added 2025/03/11 4:58 p.m.163 views

CVE-2025-24035

CVE-2025-24035 affects Windows Remote Desktop Services. The connected data corroborates a remote code execution risk over a network, arising from memory handling (sensitive data stored in improperly locked memory). The impact is described as executing arbitrary code, with the network as the attac...

8.1CVSS8.2AI score0.01744EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.161 views

CVE-2025-21245

CVE-2025-21245 is a Windows Telephony Service remote code execution vulnerability. The CIRCL feed and CVE listings indicate it affects Windows Telephony Service with potential for executing code from an attacker-supplied payload (impact: execution of arbitrary code) and a CVSS v3.1 base score of ...

8.8CVSS9AI score0.01653EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.161 views

CVE-2025-21311

CVE-2025-21311 is a Windows NTLMv1 Elevation of Privilege vulnerability. Affected product: Windows NTLM V1. The issue is remotely exploitable over the network with no user interaction required and can lead to a complete compromise of the target (CVSS v3.1: 9.8, Confidentiality, Integrity and Avai...

9.8CVSS9.5AI score0.02169EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.159 views

CVE-2025-21417

CVE-2025-21417 is a Windows Telephony Service remote code execution vulnerability. CIRCL confirms the CVE with a high impact (CVSS 8.80, Execute code) within Windows Telephony Service; CNVD describes a remote code execution vulnerability in Windows Telephony Server. Microsoft has public security ...

8.8CVSS9AI score0.01148EPSS
CVE
CVE
added 2025/07/08 4:57 p.m.158 views

CVE-2025-48799

CVE-2025-48799 is an Elevation of Privilege flaw in Windows Update Service (wuauserv) described as: improper link resolution before file access ('link following') can allow an authorized local attacker to elevate to NT AUTHORITY\SYSTEM when Windows 10/11 systems have at least two drives and Stora...

7.8CVSS6.5AI score0.0103EPSS
CVE
CVE
added 2024/11/12 5:53 p.m.157 views

CVE-2024-49046

CVE-2024-49046 affects the Windows Win32 Kernel Subsystem and is categorized as an Elevation of Privilege vulnerability. The CVSS 3.1 vector indicates LOCAL exploitability with LOW attack complexity and LOW privileges required, but HIGH impact to confidentiality, integrity, and availability under...

7.8CVSS7.6AI score0.00443EPSS
CVE
CVE
added 2025/01/17 12:28 a.m.156 views

CVE-2025-21325

CVE-2025-21325 is described as a Windows Secure Kernel Mode Elevation of Privilege vulnerability. The provided data include a CVSS 3.1 vector indicating a local, low-complexity attack requiring low privileges with no user interaction, and impact to confidentiality, integrity, and availability rat...

7.8CVSS7.7AI score0.00433EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.155 views

CVE-2025-21273

Technical details are not publicly provided in the supplied documents. The CVE-2025-21273 entry lacks explicit affected product versions, root cause, or remediation specifics in this set; monitor for updates from Microsoft/MSRC.

8.8CVSS9AI score0.01242EPSS
CVE
CVE
added 2024/12/10 8:6 p.m.153 views

CVE-2024-49105

CVE-2024-49105 affects the Windows Remote Desktop Client. It enables remote code execution over the network; exploitation requires user interaction and high privileges, with high impacts to confidentiality, integrity, and availability. CVSS v3.1 base score 8.4 (Network, Low attack complexity, Pri...

8.4CVSS8.6AI score0.01507EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.153 views

CVE-2025-21211

Technical details about CVE-2025-21211 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; no confirmed affected products, vectors, or fixes are described here.

6.8CVSS6.6AI score0.00757EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.153 views

CVE-2025-21310

Technical details for CVE-2025-21310 are not publicly available in the provided documents. Monitor for updates from Microsoft and NVD.

6.6CVSS6.5AI score0.00818EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.152 views

CVE-2025-21275

Technical details about CVE-2025-21275 (Windows App Package Installer Elevation of Privilege) are not provided in the supplied documents. Public specifics on affected product/version/root cause/impact/fix are not available here; monitor for authoritative updates from Microsoft/CVE records.

7.8CVSS7.7AI score0.00606EPSS
CVE
CVE
added 2025/01/14 6:3 p.m.150 views

CVE-2025-21260

Technical details about CVE-2025-21260 are not publicly provided in the connected documents. Monitor for updates from Microsoft and CVE sources for affected components, impact, and remediation.

6.6CVSS6.5AI score0.00818EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.148 views

CVE-2024-49120

Technical details for CVE-2024-49120 are not publicly available in the provided documents. Monitor for updates from Microsoft and security advisories; this dataset does not disclose affected products, vectors, or fixes.

8.1CVSS8.3AI score0.01079EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.148 views

CVE-2025-50165

CVE-2025-50165 targets the Windows/Microsoft Graphics Component through an untrusted pointer dereference in JPEG decoding, enabling remote code execution. Exploitation relies on specially crafted images (e.g., JPEG metadata segments) to trigger code execution without user interaction on affected ...

9.8CVSS7.4AI score0.03549EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.147 views

CVE-2025-21329

CVE-2025-21329 is a MapUrlToZone Security Feature Bypass in Windows. Public docs identify it as a bypass of a security feature (CVE-2025-21329) with CVSS v3.1 base metrics indicating NETWORK attack vector, low attack complexity, no privileges required, user interaction required, and a MEDIUM seve...

4.3CVSS4.6AI score0.01488EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.146 views

CVE-2024-49080

CVE-2024-49080 affects Windows IP Routing Management Snapin and is a remote code execution vulnerability. According to the Initial document, it has CVSS 3.1 base metrics: Network attack vector, low attack complexity, low privileges required, no user interaction, with impacts on confidentiality, i...

8.8CVSS8.9AI score0.01703EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.146 views

CVE-2025-21369

CVE-2025-21369 is listed by the NCSC advisory as a vulnerability in Microsoft Windows’ Digest Authentication that enables executing arbitrary code. The advisory attributes an overall high severity (CVSS v3.1 base 8.80) with a network attack vector and impact. The connected document confirms the v...

8.8CVSS8.8AI score0.02284EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.146 views

CVE-2025-21419

CVE-2025-21419 is a Windows Setup cleanup vulnerability that enables local elevation of privilege. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) indicates an attacker with low privileges and local access can achieve high integrity and availability impact, without user interaction. The...

7.1CVSS7.6AI score0.0071EPSS
Total number of security vulnerabilities1374