Skip to main content

Windows Server 2008

3078 CVEs product

Monthly

CVE-2025-53132 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50177 HIGH CERT-EU This Week

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-50173 HIGH This Week

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50166 MEDIUM This Month

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50164 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50163 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-50162 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50161 HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50160 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50158 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-50157 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50156 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50154 MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
15.1%
CVE-2025-50153 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49762 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49757 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49743 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-49753 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49742 HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows Server 2008 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49732 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 1809 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49730 HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows 10 22h2 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-49729 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49727 HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows 11 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49722 MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 Windows Server 2016 Windows 10 1507 +13
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-49721 HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49716 HIGH PATCH This Week

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2022 +4
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2025-49689 HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 Windows Server 2019 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49686 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service Windows Server 2022 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49683 HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 Windows 10 21h2 Windows 11 24h2 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-49681 MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2012 Windows Server 2022 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49679 HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 Windows Server 2019 Windows Server 2016 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49678 HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service Windows Server 2016 Windows 10 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49676 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49675 HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows 10 22h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49674 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2022 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49673 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2016 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49672 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49671 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2022 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49670 MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49669 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49668 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49667 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2025 Windows 10 1809 Windows Server 2012 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49664 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows 11 22h2 Windows 10 21h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49663 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49661 HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2022 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49659 HIGH PATCH This Week

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Microsoft Buffer Overflow Windows Server 2025 Windows 10 1809 Windows Server 2019 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49658 MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2019 Windows Server 2012 +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49657 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2016 Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48824 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48821 HIGH PATCH This Week

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-48819 HIGH PATCH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Information Disclosure Windows 11 22h2 Windows 10 1809 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-48817 HIGH PATCH This Week

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Path Traversal Windows 10 21h2 Windows 10 1809 Windows Server 2025 Windows Server 2008 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48816 HIGH PATCH This Week

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows 11 22h2 Windows Server 2022 23h2 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48815 HIGH PATCH This Week

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Memory Corruption Windows 10 1607 Windows Server 2016 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48814 HIGH PATCH This Week

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2022 23h2 Windows Server 2008 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-48808 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows Server 2022 23h2 Windows Server 2025 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48806 HIGH PATCH This Week

Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2008 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48805 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows 10 21h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47998 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2016 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47996 HIGH PATCH This Week

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2016 Windows 10 1507 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47987 HIGH POC PATCH This Week

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +14
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47986 HIGH PATCH This Week

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2022 Windows 10 1809 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47985 HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Event Tracing (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1607 Windows 11 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47984 HIGH PATCH This Week

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows Server 2008 Windows 11 22h2 Windows 10 22h2 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-47981 CRITICAL POC PATCH Act Now

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows 11 23h2 +14
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-47980 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2022 Windows 11 24h2 Windows 10 1809 +13
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-47976 HIGH PATCH This Week

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2022 23h2 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47975 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1809 Windows 11 22h2 Windows 11 24h2 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-47973 HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows Server 2008 Windows Server 2016 Windows 10 21h2 Windows Server 2012 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47971 HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows 10 22h2 Windows 10 1607 Windows 10 1507 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47955 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Microsoft Privilege Escalation Windows Windows Server 2022 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-33075 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Microsoft Windows Privilege Escalation Windows Server 2019 Windows Server 2025 +13
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-33073 HIGH POC KEV PATCH THREAT Act Now

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.

Microsoft Information Disclosure Windows Server 2022 Windows 11 24h2 Windows 10 21h2 +14
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
57.6%
Threat
6.5
CVE-2025-33070 HIGH PATCH This Week

Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).

Microsoft Authentication Bypass Windows 11 24h2 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-33066 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.

Microsoft Buffer Overflow Windows 11 23h2 Windows 10 1809 Windows Server 2019 +13
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-33064 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.

Microsoft Buffer Overflow Windows Server 2025 Windows 11 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-33057 MEDIUM PATCH This Month

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Microsoft Null Pointer Dereference Denial Of Service Windows 10 1809 Windows 11 24h2 +14
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2025-33056 HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.

Microsoft Windows Denial Of Service Windows Server 2022 Windows 11 22h2 +13
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-33053 HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE Path Traversal Windows Server 2016 +14
NVD
CVSS 3.1
8.8
EPSS
48.5%
Threat
6.2
CVE-2025-32724 HIGH PATCH Act Now

Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.

Microsoft Authentication Bypass Windows 10 21h2 Windows Server 2012 Windows 11 24h2 +13
NVD
CVSS 3.1
7.5
EPSS
28.3%
CVE-2025-32716 HIGH PATCH This Week

CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).

Microsoft Windows Privilege Escalation Windows Server 2022 Windows Server 2019 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32715 MEDIUM PATCH This Month

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Information Disclosure Windows 10 1809 Windows Server 2022 23h2 Windows Server 2019 +15
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-32714 HIGH PATCH This Week

Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.

Microsoft Windows Privilege Escalation Windows 11 24h2 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-32713 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.

Microsoft Buffer Overflow Windows Privilege Escalation Windows 10 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32712 HIGH PATCH This Week

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Use After Free Microsoft Windows Privilege Escalation Windows Server 2022 23h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32710 HIGH PATCH This Week

Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.

Microsoft Windows Use After Free Windows Server 2025 Windows Server 2022 23h2 +6
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-32709 HIGH KEV THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-32707 HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-32706 HIGH POC KEV THREAT Act Now

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
1.3%
EPSS 0% CVSS 7.8
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition +16
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft Race Condition +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integer Overflow +16
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 15% CVSS 6.5
MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 +15
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

Microsoft Denial Of Service Windows Server 2012 +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service +16
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 +15
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 +15
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow +8
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2025 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2008 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Microsoft Buffer Overflow Windows Server 2025 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Use After Free Memory Corruption +17
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Information Disclosure Windows 11 22h2 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Path Traversal Windows 10 21h2 Windows 10 1809 +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows 11 22h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Memory Corruption +16
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2022 23h2 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Event Tracing (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1607 +15
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows Server 2008 +15
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2022 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1809 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows Server 2008 Windows Server 2016 +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows 10 22h2 Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Microsoft Privilege Escalation Windows +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Microsoft Windows Privilege Escalation +15
NVD
EPSS 58% 6.5 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.

Microsoft Information Disclosure Windows Server 2022 +16
NVD Exploit-DB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).

Microsoft Authentication Bypass Windows 11 24h2 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.

Microsoft Buffer Overflow Windows 11 23h2 +15
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.

Microsoft Buffer Overflow Windows Server 2025 +15
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Microsoft Null Pointer Dereference Denial Of Service +16
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.

Microsoft Windows Denial Of Service +15
NVD
EPSS 49% 6.2 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE +16
NVD
EPSS 28% CVSS 7.5
HIGH PATCH Act Now

Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.

Microsoft Authentication Bypass Windows 10 21h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).

Microsoft Windows Privilege Escalation +13
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Information Disclosure Windows 10 1809 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.

Microsoft Windows Privilege Escalation +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.

Microsoft Buffer Overflow Windows +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Use After Free Microsoft Windows +16
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.

Microsoft Windows Use After Free +8
NVD
EPSS 1% CVSS 7.8
HIGH KEV THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.

Use After Free Memory Corruption Microsoft +17
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +8
NVD
EPSS 1% CVSS 7.8
HIGH POC KEV THREAT Act Now

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
Prev Page 2 of 35 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy