Skip to main content

Windows Server 2019

4241 CVEs product

Monthly

CVE-2026-20824 MEDIUM PATCH This Month

Windows Remote Assistance contains a protection mechanism bypass that allows local attackers to circumvent a security feature without user interaction, affecting Windows 11 24h2, Windows Server 2012, 2022, and 2025. The vulnerability requires local access and user interaction to exploit, with potential impact limited to information disclosure. No patch is currently available for this medium-severity issue.

Windows Windows Server 2012 Windows Server 2025 Windows 11 24h2 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20823 MEDIUM PATCH This Month

Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.

Windows Windows Server 2025 Windows 10 22h2 Windows 10 21h2 Windows Server 2022 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20822 HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.

Microsoft Industrial Use After Free Windows 11 25h2 Windows Server 2019 +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20821 MEDIUM PATCH This Month

Windows RPC implementation leaks sensitive information to local attackers on Windows 10, Windows 11, and Windows Server 2022. An unauthenticated local attacker can exploit this information disclosure vulnerability without user interaction to access confidential data. No patch is currently available for this medium-severity vulnerability.

Windows Windows 11 25h2 Windows 10 1809 Windows 10 21h2 Windows Server 2022 +11
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20820 HIGH PATCH This Week

Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.

Windows Buffer Overflow Heap Overflow Windows Server 2016 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20818 MEDIUM PATCH This Month

Windows Kernel inadvertently logs sensitive information to accessible log files, enabling local attackers to read confidential data on affected Windows and Linux systems. This information disclosure vulnerability requires no privileges or user interaction to exploit and impacts Windows Server 2016, 2022, and 2025 along with standard Windows installations. No patch is currently available for this medium-severity issue.

Linux Windows Windows Server 2016 Windows Server 2025 Windows Server 2022 23h2 +3
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20816 HIGH PATCH This Week

Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 25h2 Windows 10 1809 Windows Server 2022 23h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20814 HIGH PATCH This Week

Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.

Linux Industrial Race Condition Windows Server 2016 Windows 10 1607 +11
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20812 MEDIUM PATCH This Month

Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.

Windows LDAP Windows 10 21h2 Windows 11 24h2 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20810 HIGH PATCH This Week

The Windows Ancillary Function Driver for WinSock contains an improper memory deallocation vulnerability (CWE-590) that allows authenticated local attackers to achieve privilege escalation on affected Windows 10 and Windows Server 2019 systems. An attacker with local user privileges can exploit this flaw to gain SYSTEM-level access without user interaction. No patch is currently available for this vulnerability.

Windows Windows Server 2019 Windows 10 21h2 Windows 10 22h2 Windows 10 1809 +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20809 HIGH PATCH This Week

Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.

Linux Windows Race Condition Windows Server 2022 23h2 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20805 MEDIUM KEV PATCH THREAT Act Now

Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.

Windows Windows 11 23h2 Windows Server 2022 23h2 Windows 10 1809 Windows 11 25h2 +10
NVD VulDB
CVSS 3.1
5.5
EPSS
4.8%
CVE-2026-20804 HIGH PATCH This Week

Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.

Windows Windows Server 2022 23h2 Windows Server 2022 Windows 10 21h2 Windows Server 2019 +9
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-0386 HIGH PATCH This Week

Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.

Windows Windows Server 2019 Windows Server 2022 23h2 Windows Server 2012 Windows Server 2022 +4
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-62452 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-62217 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62215 HIGH POC KEV THREAT Act Now

Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.5%
CVE-2025-62213 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-62209 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-62208 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-60724 CRITICAL This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Office Office Long Term Servicing Channel +14
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-60723 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-60720 HIGH This Month

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60719 HIGH This Month

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60717 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60716 HIGH This Month

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-60715 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-60714 HIGH This Month

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60713 HIGH This Month

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2016 Windows Server 2019 Windows Server 2022 +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60709 HIGH This Month

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60708 MEDIUM This Month

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +9
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-60707 HIGH This Month

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60706 MEDIUM This Month

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-60705 HIGH This Month

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60704 HIGH This Month

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-60703 HIGH This Month

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59515 HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free Windows 10 1809 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59514 HIGH This Month

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59513 MEDIUM This Month

Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59512 HIGH This Month

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59511 HIGH This Month

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-59510 MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59509 MEDIUM This Month

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59508 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59507 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59506 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-59505 HIGH This Month

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-59214 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +14
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55236 HIGH This Month

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +7
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55234 HIGH This Month

SMB Server might be susceptible to relay attacks depending on the configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-55226 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Race Condition Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-55225 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55224 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55223 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54919 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-54918 HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-54917 MEDIUM Monitor

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54916 HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54915 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-54913 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54912 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54911 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54895 HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54894 HIGH This Month

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54116 HIGH This Week

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54115 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54113 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54112 HIGH This Week

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54111 HIGH This Week

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54110 HIGH This Week

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54109 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54107 MEDIUM Monitor

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54106 HIGH This Month

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54104 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54102 HIGH This Month

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54101 MEDIUM Monitor

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-54099 HIGH This Week

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54098 HIGH This Week

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54097 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54096 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54095 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54094 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54093 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54092 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54091 HIGH This Week

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53810 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-53808 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-53807 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53806 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53804 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Remote Assistance contains a protection mechanism bypass that allows local attackers to circumvent a security feature without user interaction, affecting Windows 11 24h2, Windows Server 2012, 2022, and 2025. The vulnerability requires local access and user interaction to exploit, with potential impact limited to information disclosure. No patch is currently available for this medium-severity issue.

Windows Windows Server 2012 Windows Server 2025 +12
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.

Windows Windows Server 2025 Windows 10 22h2 +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.

Microsoft Industrial Use After Free +12
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Windows RPC implementation leaks sensitive information to local attackers on Windows 10, Windows 11, and Windows Server 2022. An unauthenticated local attacker can exploit this information disclosure vulnerability without user interaction to access confidential data. No patch is currently available for this medium-severity vulnerability.

Windows Windows 11 25h2 Windows 10 1809 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.

Windows Buffer Overflow Heap Overflow +15
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Windows Kernel inadvertently logs sensitive information to accessible log files, enabling local attackers to read confidential data on affected Windows and Linux systems. This information disclosure vulnerability requires no privileges or user interaction to exploit and impacts Windows Server 2016, 2022, and 2025 along with standard Windows installations. No patch is currently available for this medium-severity issue.

Linux Windows Windows Server 2016 +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 25h2 +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.

Linux Industrial Race Condition +13
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.

Windows LDAP Windows 10 21h2 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Windows Ancillary Function Driver for WinSock contains an improper memory deallocation vulnerability (CWE-590) that allows authenticated local attackers to achieve privilege escalation on affected Windows 10 and Windows Server 2019 systems. An attacker with local user privileges can exploit this flaw to gain SYSTEM-level access without user interaction. No patch is currently available for this vulnerability.

Windows Windows Server 2019 Windows 10 21h2 +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.

Linux Windows Race Condition +14
NVD
EPSS 5% CVSS 5.5
MEDIUM KEV PATCH THREAT Act Now

Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.

Windows Windows 11 23h2 Windows Server 2022 23h2 +12
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.

Windows Windows Server 2022 23h2 Windows Server 2022 +11
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.

Windows Windows Server 2019 Windows Server 2022 23h2 +6
NVD
EPSS 0% CVSS 8.0
HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +15
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +15
NVD
EPSS 1% CVSS 7.0
HIGH POC KEV THREAT Act Now

Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization.

Race Condition Microsoft Information Disclosure +11
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +16
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +16
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +11
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +12
NVD
EPSS 0% CVSS 8.0
HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +15
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +12
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2016 +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +13
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +14
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows 10 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1607 Windows 10 1809 +12
NVD
EPSS 0% CVSS 7.8
HIGH This Month

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 +10
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +13
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +13
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 +13
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +16
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Month

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD
EPSS 0% CVSS 8.8
HIGH This Month

SMB Server might be susceptible to relay attacks depending on the configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +14
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Race Condition Windows 10 1507 +15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 10 1809 +10
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +13
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +7
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Stack Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +10
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +14
NVD
Prev Page 6 of 48 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy