Skip to main content

Windows Server 2016

4507 CVEs product

Monthly

CVE-2025-53725 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53724 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53723 HIGH This Week

Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53722 HIGH Act Now

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
10.2%
CVE-2025-53720 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-53719 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-53718 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53155 HIGH This Week

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53154 HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53153 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-53152 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53149 HIGH POC This Week

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-53148 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-53147 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53145 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2025-53144 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2025-53143 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2025-53141 HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53140 HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53138 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-53137 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53136 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53135 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53134 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53132 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50177 HIGH CERT-EU This Week

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-50173 HIGH This Week

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50167 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-50166 MEDIUM This Month

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50164 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50163 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-50162 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50161 HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50160 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-50159 HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50158 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-50157 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50156 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50155 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-50154 MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
15.1%
CVE-2025-50153 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49762 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49757 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49751 MEDIUM This Month

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-49743 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-48807 MEDIUM CERT-EU This Month

Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-49753 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49744 HIGH POC PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 22h2 Windows Server 2016 +11
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
0.9%
CVE-2025-49742 HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 21h2 Windows Server 2008 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49740 HIGH PATCH This Week

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2019 Windows 10 22h2 Windows Server 2025 +11
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49735 HIGH PATCH This Week

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2025 +6
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-49732 HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 1809 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49730 HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows 10 22h2 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-49729 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49727 HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows 11 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49726 HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 22h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49725 HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 22h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49722 MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 Windows Server 2016 Windows 10 1507 +13
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-49721 HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49716 HIGH PATCH This Week

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2022 +4
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2025-49691 HIGH PATCH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

Microsoft Heap Overflow Buffer Overflow Windows 10 1607 Windows 11 22h2 +12
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-49689 HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 Windows Server 2019 Windows 10 22h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49688 HIGH PATCH This Week

CVE-2025-49688 is a security vulnerability (CVSS 8.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass Windows Server 2022 Windows Server 2022 23h2 Windows Server 2012 +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49687 HIGH PATCH This Week

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow Windows 10 22h2 Windows 11 23h2 +12
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49686 HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service Windows Server 2022 Windows Server 2019 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49684 MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 Windows Server 2019 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49683 HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 Windows 10 21h2 Windows 11 24h2 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-49681 MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2012 Windows Server 2022 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49680 HIGH PATCH This Week

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows 10 21h2 +11
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-49679 HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 Windows Server 2019 Windows Server 2016 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49678 HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service Windows Server 2016 Windows 10 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49676 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49675 HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows 10 22h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49674 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2022 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49673 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2016 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49672 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49671 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2022 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49670 MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49669 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49668 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49667 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2025 Windows 10 1809 Windows Server 2012 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49666 HIGH PATCH This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 Windows Server 2016 +4
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-49665 HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.

Race Condition Information Disclosure Windows 10 1607 Windows Server 2022 Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49664 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows 11 22h2 Windows 10 21h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49663 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49661 HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2022 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49660 HIGH PATCH This Week

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 21h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49659 HIGH PATCH This Week

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Microsoft Buffer Overflow Windows Server 2025 Windows 10 1809 Windows Server 2019 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49658 MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2019 Windows Server 2012 +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 10% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +16
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 +15
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +16
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition +16
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft Race Condition +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integer Overflow +16
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 15% CVSS 6.5
MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 +15
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 +12
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition +15
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +13
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2019 +13
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +15
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +14
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow +16
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

Microsoft Denial Of Service Windows Server 2012 +6
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

Microsoft Heap Overflow Buffer Overflow +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Information Disclosure Buffer Overflow Windows Server 2022 23h2 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CVE-2025-49688 is a security vulnerability (CVSS 8.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass Windows Server 2022 +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Microsoft Null Pointer Dereference Denial Of Service +16
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 +13
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 +15
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow +8
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

Microsoft Information Disclosure Windows 11 24h2 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Numeric truncation error in Windows Shell (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 22h2 +15
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow +8
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2025 +15
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.

Race Condition Information Disclosure Windows 10 1607 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 +15
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A privilege escalation vulnerability in Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows Server 2008 +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Microsoft Buffer Overflow Windows Server 2025 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow +16
NVD
Prev Page 6 of 51 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy