Skip to main content

Windows 10 1507

1094 CVEs product

Monthly

CVE-2025-62209 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-62208 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59214 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +14
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55234 HIGH This Month

SMB Server might be susceptible to relay attacks depending on the configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-55226 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Race Condition Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54918 HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-54917 MEDIUM Monitor

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54916 HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54915 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-54913 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54912 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54911 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54895 HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54894 HIGH This Month

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54116 HIGH This Week

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54112 HIGH This Week

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54111 HIGH This Week

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54110 HIGH This Week

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54109 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54107 MEDIUM Monitor

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54104 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54101 MEDIUM Monitor

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-54099 HIGH This Week

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54098 HIGH This Week

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54094 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54093 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54091 HIGH This Week

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53810 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-53808 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-53804 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53803 MEDIUM This Month

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53801 HIGH This Month

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53799 MEDIUM This Month

Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-55230 HIGH This Week

Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55229 MEDIUM This Month

Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Jwt Attack Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53789 HIGH This Month

Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53778 HIGH CERT-EU This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-53766 CRITICAL CERT-EU This Week

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Office Windows 10 1507 +15
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-53726 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53725 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53724 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53723 HIGH This Week

Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53722 HIGH Act Now

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
10.2%
CVE-2025-53718 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53155 HIGH This Week

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53154 HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53152 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53149 HIGH POC This Week

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-53147 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53145 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2025-53144 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2025-53143 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2025-53141 HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53140 HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53137 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53136 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53135 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53134 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53132 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50177 HIGH CERT-EU This Week

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-50173 HIGH This Week

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50167 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-50166 MEDIUM This Month

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50161 HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50159 HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50158 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-50155 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-50154 MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
15.1%
CVE-2025-50153 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49762 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49743 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-49744 HIGH POC PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 22h2 Windows Server 2016 +11
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
0.9%
CVE-2025-49742 HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows Server 2008 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49740 HIGH PATCH This Week

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2019 Windows 10 22h2 Windows Server 2025 +11
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49732 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 1809 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49730 HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows 10 22h2 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-49727 HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows 11 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49722 MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 Windows Server 2016 Windows 10 1507 +13
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-49721 HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49691 HIGH PATCH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

Microsoft Heap Overflow Buffer Overflow Windows 10 1607 Windows 11 22h2 +12
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-49689 HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 Windows Server 2019 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49687 HIGH PATCH This Week

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow Windows 10 22h2 Windows 11 23h2 +12
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49686 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service Windows Server 2022 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49684 MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 Windows Server 2019 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49683 HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 Windows 10 21h2 Windows 11 24h2 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-49680 HIGH PATCH This Week

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows 10 21h2 +11
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-49679 HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 Windows Server 2019 Windows Server 2016 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49678 HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service Windows Server 2016 Windows 10 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49675 HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows 10 22h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +16
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

SMB Server might be susceptible to relay attacks depending on the configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Race Condition Windows 10 1507 +15
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +13
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Stack Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Jwt Attack +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +13
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 10% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +16
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition +16
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft Race Condition +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integer Overflow +16
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 15% CVSS 6.5
MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 +15
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +13
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2019 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

Microsoft Heap Overflow Buffer Overflow +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service +16
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 +13
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 +15
NVD Exploit-DB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

Microsoft Information Disclosure Windows 11 24h2 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 +15
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +16
NVD
Page 1 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy