Skip to main content
CVE-2025-60726 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-60724 CRITICAL This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Office Office Long Term Servicing Channel +14
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-60723 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-60722 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Onedrive Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-60721 HIGH This Month

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows 11 25h2 Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60720 HIGH This Month

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60719 HIGH This Month

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60718 HIGH This Month

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows 11 25h2 Windows
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-60717 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60716 HIGH This Month

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60715 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-60714 HIGH This Month

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60713 HIGH This Month

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2016 Windows Server 2019 Windows Server 2022 +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60709 HIGH This Month

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60708 MEDIUM This Month

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +9
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-60707 HIGH This Month

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60706 MEDIUM This Month

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-60705 HIGH This Month

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60704 HIGH This Month

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-60703 HIGH This Month

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59515 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59514 HIGH This Month

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59513 MEDIUM This Month

Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59512 HIGH This Month

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59511 HIGH This Month

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-59510 MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59509 MEDIUM This Month

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59508 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59507 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59506 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59505 HIGH This Month

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59504 HIGH This Month

Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Azure Monitor Agent
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-59499 HIGH This Month

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-59240 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47179 MEDIUM This Month

Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Configuration Manager 2403 Configuration Manager 2409 Configuration Manager 2503
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-61832 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61824 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61818 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61817 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61816 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61815 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61814 HIGH This Month

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-35972 MEDIUM This Month

Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-35971 HIGH This Month

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-35968 HIGH This Month

Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Rated high severity (CVSS 7.1). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-35967 HIGH This Month

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Microsoft Denial Of Service +1
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-35963 HIGH This Month

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft Windows
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-33202 MEDIUM This Month

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Microsoft Nvidia Denial Of Service +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33186 HIGH This Month

NVIDIA AIStore contains a vulnerability in AuthN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-33185 MEDIUM This Month

NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
Prev Page 3 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy