Skip to main content

Windows Server 2012

3705 CVEs product

Monthly

CVE-2025-50163 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-50162 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50161 HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50160 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50159 HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50158 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-50157 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50156 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50155 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-50154 MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
15.1%
CVE-2025-50153 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49762 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49757 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49743 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-49753 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49742 HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows Server 2008 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49735 HIGH PATCH This Week

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2025 +6
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-49732 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 1809 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49730 HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows 10 22h2 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-49729 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49727 HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows 11 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49722 MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 Windows Server 2016 Windows 10 1507 +13
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-49721 HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49716 HIGH PATCH This Week

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2022 +4
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2025-49689 HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 Windows Server 2019 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49688 HIGH PATCH This Week

CVE-2025-49688 is a security vulnerability (CVSS 8.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass Windows Server 2022 Windows Server 2022 23h2 Windows Server 2012 +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49687 HIGH PATCH This Week

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow Windows 10 22h2 Windows 11 23h2 +12
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49686 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service Windows Server 2022 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49684 MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 Windows Server 2019 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49683 HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 Windows 10 21h2 Windows 11 24h2 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-49681 MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2012 Windows Server 2022 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49679 HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 Windows Server 2019 Windows Server 2016 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49678 HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service Windows Server 2016 Windows 10 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49676 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49675 HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows 10 22h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49674 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2022 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49673 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2016 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49672 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49671 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2022 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49670 MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49669 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49668 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49667 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2025 Windows 10 1809 Windows Server 2012 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49665 HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.

Race Condition Information Disclosure Windows 10 1607 Windows Server 2022 Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49664 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows 11 22h2 Windows 10 21h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49663 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49661 HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2022 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49660 HIGH PATCH This Week

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 21h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49659 HIGH PATCH This Week

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Microsoft Buffer Overflow Windows Server 2025 Windows 10 1809 Windows Server 2019 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49658 MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2019 Windows Server 2012 +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49657 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2016 Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48824 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48821 HIGH PATCH This Week

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-48819 HIGH PATCH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Information Disclosure Windows 11 22h2 Windows 10 1809 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-48817 HIGH PATCH This Week

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Path Traversal Windows 10 21h2 Windows 10 1809 Windows Server 2025 Windows Server 2008 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48816 HIGH PATCH This Week

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows 11 22h2 Windows Server 2022 23h2 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48815 HIGH PATCH This Week

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Memory Corruption Windows 10 1607 Windows Server 2016 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48814 HIGH PATCH This Week

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2022 23h2 Windows Server 2008 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-48808 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows Server 2022 23h2 Windows Server 2025 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48806 HIGH PATCH This Week

Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2008 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48805 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows 10 21h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48804 MEDIUM PATCH This Month

A security vulnerability in Acceptance of extraneous untrusted data with trusted data in Windows BitLocker (CVSS 6.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 23h2 Windows 10 1607 +12
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-48001 MEDIUM PATCH This Month

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 24h2 Windows 10 21h2 +12
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-47998 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2016 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47996 HIGH PATCH This Week

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2016 Windows 10 1507 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47987 HIGH POC PATCH This Week

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +14
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47986 HIGH PATCH This Week

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2022 Windows 10 1809 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47985 HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Event Tracing (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1607 Windows 11 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47984 HIGH PATCH This Week

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows Server 2008 Windows 11 22h2 Windows 10 22h2 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-47981 CRITICAL POC PATCH Act Now

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows 11 23h2 +14
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-47980 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2022 Windows 11 24h2 Windows 10 1809 +13
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-47976 HIGH PATCH This Week

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2022 23h2 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47975 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1809 Windows 11 22h2 Windows 11 24h2 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-47973 HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows Server 2008 Windows Server 2016 Windows 10 21h2 Windows Server 2012 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47971 HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows 10 22h2 Windows 10 1607 Windows 10 1507 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47955 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Microsoft Privilege Escalation Windows Windows Server 2022 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47160 MEDIUM PATCH This Month

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 24h2 Windows Server 2016 +12
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2025-33075 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Microsoft Windows Privilege Escalation Windows Server 2019 Windows Server 2025 +13
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-33073 HIGH POC KEV PATCH THREAT Act Now

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.

Microsoft Information Disclosure Windows Server 2022 Windows 11 24h2 Windows 10 21h2 +14
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
57.6%
Threat
6.5
CVE-2025-33071 HIGH PATCH This Week

Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.

Use After Free Microsoft Windows RCE Windows Server 2022 23h2 +5
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-33070 HIGH PATCH This Week

Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).

Microsoft Authentication Bypass Windows 11 24h2 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-33068 HIGH PATCH Act Now

Windows Standards-Based Storage Management Service contains an uncontrolled resource consumption vulnerability allowing unauthenticated network attackers to cause denial of service. The service manages storage operations and its disruption affects storage provisioning and management on Windows servers.

Microsoft Denial Of Service Windows Windows Server 2012 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
26.8%
CVE-2025-33066 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.

Microsoft Buffer Overflow Windows 11 23h2 Windows 10 1809 Windows Server 2019 +13
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-33064 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.

Microsoft Buffer Overflow Windows Server 2025 Windows 11 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-33060 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 21h2 Windows 10 22h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33057 MEDIUM PATCH This Month

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Microsoft Null Pointer Dereference Denial Of Service Windows 10 1809 Windows 11 24h2 +14
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2025-33056 HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.

Microsoft Windows Denial Of Service Windows Server 2022 Windows 11 22h2 +13
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-33053 HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE Path Traversal Windows Server 2016 +14
NVD
CVSS 3.1
8.8
EPSS
48.5%
Threat
6.2
CVE-2025-32724 HIGH PATCH Act Now

Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.

Microsoft Authentication Bypass Windows 10 21h2 Windows Server 2012 Windows 11 24h2 +13
NVD
CVSS 3.1
7.5
EPSS
28.3%
EPSS 0% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 15% CVSS 6.5
MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 +15
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

Microsoft Denial Of Service Windows Server 2012 +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CVE-2025-49688 is a security vulnerability (CVSS 8.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass Windows Server 2022 +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service +16
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 +13
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 +15
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 +15
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow +8
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2025 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.

Race Condition Information Disclosure Windows 10 1607 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2008 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Microsoft Buffer Overflow Windows Server 2025 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Use After Free Memory Corruption +17
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Information Disclosure Windows 11 22h2 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Path Traversal Windows 10 21h2 Windows 10 1809 +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows 11 22h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Memory Corruption +16
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2022 23h2 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A security vulnerability in Acceptance of extraneous untrusted data with trusted data in Windows BitLocker (CVSS 6.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Authentication Bypass Windows 10 1507 +14
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 1507 +14
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Event Tracing (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1607 +15
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows Server 2008 +15
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2022 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1809 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows Server 2008 Windows Server 2016 +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Overflow Windows 10 22h2 Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Microsoft Privilege Escalation Windows +15
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows 10 1507 +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Microsoft Windows Privilege Escalation +15
NVD
EPSS 58% 6.5 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.

Microsoft Information Disclosure Windows Server 2022 +16
NVD Exploit-DB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.

Use After Free Microsoft Windows +7
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).

Microsoft Authentication Bypass Windows 11 24h2 +15
NVD
EPSS 27% CVSS 7.5
HIGH PATCH Act Now

Windows Standards-Based Storage Management Service contains an uncontrolled resource consumption vulnerability allowing unauthenticated network attackers to cause denial of service. The service manages storage operations and its disruption affects storage provisioning and management on Windows servers.

Microsoft Denial Of Service Windows +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.

Microsoft Buffer Overflow Windows 11 23h2 +15
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.

Microsoft Buffer Overflow Windows Server 2025 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +15
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Microsoft Null Pointer Dereference Denial Of Service +16
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.

Microsoft Windows Denial Of Service +15
NVD
EPSS 49% 6.2 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE +16
NVD
EPSS 28% CVSS 7.5
HIGH PATCH Act Now

Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.

Microsoft Authentication Bypass Windows 10 21h2 +15
NVD
Prev Page 5 of 42 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy