Skip to main content

Windows

1584 CVEs product

Monthly

CVE-2025-47962 HIGH PATCH This Week

CVE-2025-47962 is an improper access control vulnerability in Windows SDK that allows an authenticated local attacker to escalate privileges without user interaction. The vulnerability affects Windows SDK components and presents a high risk due to its CVSS score of 7.8 (High severity) with high impact on confidentiality, integrity, and availability. While no active exploitation in the wild (KEV status) or public POC has been confirmed at this time, the low attack complexity and requirement for only local user privileges make this a significant priority for Windows environments.

Microsoft Windows Privilege Escalation Windows Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47957 HIGH POC This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.

Use After Free Microsoft Windows RCE Office Long Term Servicing Channel +1
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.7%
CVE-2025-47956 MEDIUM PATCH This Month

A security vulnerability in External control of file name or path in Windows Security App (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows Security App Windows
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2025-47955 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Microsoft Privilege Escalation Windows Windows Server 2022 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47176 HIGH This Week

Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.

Microsoft Outlook Windows RCE 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-47174 HIGH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.

Microsoft Buffer Overflow Windows RCE Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47173 HIGH PATCH This Week

CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.

Microsoft RCE Windows Office Long Term Servicing Channel Office +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47169 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.

Microsoft Buffer Overflow Windows RCE Office +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47168 HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Use After Free Microsoft Windows RCE Office Long Term Servicing Channel +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47165 HIGH POC PATCH This Week

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.

Use After Free Microsoft Windows RCE Excel +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-47160 MEDIUM PATCH This Month

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 24h2 Windows Server 2016 +12
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2025-33075 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Microsoft Windows Privilege Escalation Windows Server 2019 Windows Server 2025 +13
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-33073 HIGH POC KEV PATCH THREAT Act Now

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.

Microsoft Information Disclosure Windows Server 2022 Windows 11 24h2 Windows 10 21h2 +14
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
57.6%
Threat
6.5
CVE-2025-33071 HIGH PATCH This Week

Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.

Use After Free Microsoft Windows RCE Windows Server 2022 23h2 +5
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-33070 HIGH PATCH This Week

Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).

Microsoft Authentication Bypass Windows 11 24h2 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-33068 HIGH PATCH Act Now

Windows Standards-Based Storage Management Service contains an uncontrolled resource consumption vulnerability allowing unauthenticated network attackers to cause denial of service. The service manages storage operations and its disruption affects storage provisioning and management on Windows servers.

Microsoft Denial Of Service Windows Windows Server 2012 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
26.8%
CVE-2025-33067 HIGH PATCH This Week

Local privilege escalation vulnerability in the Windows Kernel stemming from improper privilege management (CWE-269), allowing an unauthenticated attacker with local system access to escalate privileges without user interaction. This affects multiple Windows versions and has a CVSS 8.4 severity rating indicating high confidentiality, integrity, and availability impact. The vulnerability's low attack complexity (AC:L) and lack of privilege requirements (PR:N) indicate it is relatively straightforward to exploit for any local attacker.

Microsoft Privilege Escalation Windows Windows 10 22h2 Windows 10 1809 +11
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-33066 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.

Microsoft Buffer Overflow Windows 11 23h2 Windows 10 1809 Windows Server 2019 +13
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-33065 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 11 22h2 Windows Server 2025 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33064 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.

Microsoft Buffer Overflow Windows Server 2025 Windows 11 23h2 Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-33063 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 22h2 Windows Server 2025 +10
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33062 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 11 22h2 Windows 10 22h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33061 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2016 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33060 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 21h2 Windows 10 22h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33059 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 1607 Windows 10 1507 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33058 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 21h2 Windows 11 24h2 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33057 MEDIUM PATCH This Month

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Microsoft Null Pointer Dereference Denial Of Service Windows 10 1809 Windows 11 24h2 +14
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2025-33056 HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.

Microsoft Windows Denial Of Service Windows Server 2022 Windows 11 22h2 +13
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-33055 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 11 22h2 Windows Server 2016 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33053 HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE Path Traversal Windows Server 2016 +14
NVD
CVSS 3.1
8.8
EPSS
48.5%
Threat
6.2
CVE-2025-33052 MEDIUM PATCH This Month

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 22h2 Windows 11 23h2 Windows Server 2022 +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-33050 HIGH PATCH This Week

Protection mechanism failure in Windows DHCP Server that enables network-based denial-of-service attacks without requiring authentication or user interaction. An attacker can remotely exploit this vulnerability to render DHCP services unavailable, disrupting network connectivity for affected systems. The high CVSS score of 7.5 and network attack vector indicate significant availability impact, though no confidentiality or integrity compromise occurs.

Microsoft Windows Dhcp Denial Of Service Windows Server 2025 +4
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2025-32725 HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Windows DHCP Server caused by a protection mechanism failure (CWE-693), allowing unauthenticated attackers to exhaust server availability without requiring authentication or user interaction. The vulnerability affects Windows DHCP Server implementations across multiple versions and has a CVSS severity of 7.5 (High). While the description does not explicitly reference KEV inclusion, active exploitation status, or EPSS data, the low attack complexity (AC:L) and network accessibility (AV:N) combined with no authentication requirements indicate this represents a credible denial-of-service threat to DHCP infrastructure.

Microsoft Windows Dhcp Denial Of Service Windows Server 2025 +4
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2025-32724 HIGH PATCH Act Now

Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.

Microsoft Authentication Bypass Windows 10 21h2 Windows Server 2012 Windows 11 24h2 +13
NVD
CVSS 3.1
7.5
EPSS
28.3%
CVE-2025-32722 MEDIUM PATCH This Month

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

Microsoft Authentication Bypass Windows 10 1507 Windows Server 2022 Windows 11 24h2 +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-32721 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Recovery Driver caused by improper symlink/hardlink resolution (CWE-59: link following) that allows an authenticated local attacker to elevate privileges to SYSTEM level. The vulnerability requires user interaction and local code execution capability but provides complete system compromise once exploited. With a CVSS score of 7.3 and local attack vector, this poses significant risk to multi-user Windows systems, particularly in enterprise environments where standard users have local access.

Microsoft Windows Privilege Escalation Windows Server 2025 Windows 11 23h2 +11
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-32720 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 1607 Windows 10 1507 +13
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-32719 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2022 23h2 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-32718 HIGH PATCH This Week

CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.

Microsoft Windows Privilege Escalation Integer Overflow Windows Server 2012 +13
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-32716 HIGH PATCH This Week

CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).

Microsoft Windows Privilege Escalation Windows Server 2022 Windows Server 2019 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32714 HIGH PATCH This Week

Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.

Microsoft Windows Privilege Escalation Windows 11 24h2 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-32713 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.

Microsoft Buffer Overflow Windows Privilege Escalation Windows 10 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32712 HIGH PATCH This Week

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Use After Free Microsoft Windows Privilege Escalation Windows Server 2022 23h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32710 HIGH PATCH This Week

Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.

Microsoft Windows Use After Free Windows Server 2025 Windows Server 2022 23h2 +6
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-29828 HIGH PATCH This Week

Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.

Microsoft Windows RCE Memory Corruption Windows 11 24h2 +5
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-24069 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2016 Windows 10 22h2 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-24068 MEDIUM PATCH This Month

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Windows Server 2016 Windows 11 22h2 Windows 10 22h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-24065 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2022 Windows 11 24h2 +9
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-54019 MEDIUM This Month

A security vulnerability in Fortinet FortiClientWindows (CVSS 4.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Fortinet Authentication Bypass Forticlient Windows
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-20259 MEDIUM This Month

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

Microsoft Path Traversal Cisco Thousandeyes Endpoint Agent Windows
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-48962 MEDIUM PATCH This Month

Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.

Microsoft Information Disclosure SSRF Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-48961 HIGH PATCH This Week

Local privilege escalation vulnerability in Acronis Cyber Protect 16 (Windows) caused by insecure folder permissions (CWE-732), allowing authenticated local users to escalate privileges with high confidentiality, integrity, and availability impact. The vulnerability affects Windows installations before build 39938, and while the CVSS score of 7.3 indicates significant risk, exploitation requires local access and user interaction. No public indicators confirm active exploitation in the wild or widespread POC availability at this time.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-48960 MEDIUM PATCH This Month

CVE-2025-48960 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Microsoft Apple Information Disclosure Windows macOS
NVD
CVSS 3.0
5.9
EPSS
0.0%
CVE-2025-27811 HIGH This Week

Local privilege escalation vulnerability in Razer Synapse 4 (versions through 4.0.86.2502180127) affecting the razer_elevation_service.exe component. An authenticated local attacker can exploit a vulnerable COM interface to escalate from standard user privileges to SYSTEM/administrative level, gaining full control over the affected system. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access but no user interaction, making it a significant risk for multi-user systems and enterprise deployments.

Privilege Escalation Windows Synapse 4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48959 MEDIUM PATCH This Month

Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2025-30415 HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Microsoft Apple Denial Of Service Windows macOS
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-30167 PyPI HIGH PATCH This Week

A security vulnerability in Jupyter Core (CVSS 7.3) that allows users. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass Jupyter Core Windows Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-46355 HIGH This Week

PC Time Tracer versions prior to 5.2 contain an incorrect default permissions vulnerability (CWE-276) that allows local authenticated attackers to execute arbitrary code with SYSTEM privileges on Windows systems. The vulnerability requires local access and user interaction but provides complete system compromise capability. No KEV/CISA known exploited vulnerability status or public POC availability is confirmed from the provided data, though the CVSS 7.3 score and EPSS analysis should be monitored for exploitation likelihood.

RCE Privilege Escalation Windows
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-20298 HIGH PATCH This Week

Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.

Splunk Windows Microsoft Privilege Escalation Information Disclosure +1
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-3050 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2518 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-49350 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Stack Overflow Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5334 HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass Apple Remote Desktop Manager +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-24473 LOW Monitor

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Fortinet Forticlient Windows
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-24917 HIGH This Month

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Authentication Bypass Privilege Escalation Nessus Network Monitor +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24916 HIGH This Month

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation Nessus Network Monitor Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-13948 MEDIUM This Month

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration information*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-46716 MEDIUM POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46715 HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Memory Corruption Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-46714 HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-46713 HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3943 MEDIUM Monitor

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2025-3942 MEDIUM This Month

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3941 MEDIUM This Month

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-3940 MEDIUM This Month

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-3939 MEDIUM This Month

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-3938 MEDIUM This Month

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-3937 HIGH This Week

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-3936 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-48064 LOW Monitor

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple Windows macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-2102 MEDIUM This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-0372 MEDIUM This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Race Condition Privilege Escalation Windows
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-3223 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.10.10C and. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Path Traversal Windows
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-4211 HIGH This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation Windows Red Hat
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2025-47809 HIGH This Month

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-43853 HIGH POC PATCH This Month

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Webassembly Micro Runtime Windows
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-27525 LOW Monitor

Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated low severity (CVSS 3.9). No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
3.9
EPSS
0.1%
CVE-2025-27524 MEDIUM This Month

Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-27523 HIGH This Month

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Microsoft Windows
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2025-4641 Maven CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Microsoft Java Apple Windows +1
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-47962 is an improper access control vulnerability in Windows SDK that allows an authenticated local attacker to escalate privileges without user interaction. The vulnerability affects Windows SDK components and presents a high risk due to its CVSS score of 7.8 (High severity) with high impact on confidentiality, integrity, and availability. While no active exploitation in the wild (KEV status) or public POC has been confirmed at this time, the low attack complexity and requirement for only local user privileges make this a significant priority for Windows environments.

Microsoft Windows Privilege Escalation +1
NVD
EPSS 1% CVSS 8.4
HIGH POC This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.

Use After Free Microsoft Windows +3
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A security vulnerability in External control of file name or path in Windows Security App (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows Security App +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Microsoft Privilege Escalation Windows +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.

Microsoft Outlook Windows +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.

Microsoft Buffer Overflow Windows +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.

Microsoft RCE Windows +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.

Microsoft Buffer Overflow Windows +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Use After Free Microsoft Windows +7
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.

Use After Free Microsoft Windows +6
NVD Exploit-DB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows 10 1507 +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Microsoft Windows Privilege Escalation +15
NVD
EPSS 58% 6.5 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.

Microsoft Information Disclosure Windows Server 2022 +16
NVD Exploit-DB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.

Use After Free Microsoft Windows +7
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).

Microsoft Authentication Bypass Windows 11 24h2 +15
NVD
EPSS 27% CVSS 7.5
HIGH PATCH Act Now

Windows Standards-Based Storage Management Service contains an uncontrolled resource consumption vulnerability allowing unauthenticated network attackers to cause denial of service. The service manages storage operations and its disruption affects storage provisioning and management on Windows servers.

Microsoft Denial Of Service Windows +5
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation vulnerability in the Windows Kernel stemming from improper privilege management (CWE-269), allowing an unauthenticated attacker with local system access to escalate privileges without user interaction. This affects multiple Windows versions and has a CVSS 8.4 severity rating indicating high confidentiality, integrity, and availability impact. The vulnerability's low attack complexity (AC:L) and lack of privilege requirements (PR:N) indicate it is relatively straightforward to exploit for any local attacker.

Microsoft Privilege Escalation Windows +13
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.

Microsoft Buffer Overflow Windows 11 23h2 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +14
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.

Microsoft Buffer Overflow Windows Server 2025 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +12
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +14
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Microsoft Null Pointer Dereference Denial Of Service +16
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.

Microsoft Windows Denial Of Service +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +14
NVD
EPSS 49% 6.2 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE +16
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 22h2 +10
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Protection mechanism failure in Windows DHCP Server that enables network-based denial-of-service attacks without requiring authentication or user interaction. An attacker can remotely exploit this vulnerability to render DHCP services unavailable, disrupting network connectivity for affected systems. The high CVSS score of 7.5 and network attack vector indicate significant availability impact, though no confidentiality or integrity compromise occurs.

Microsoft Windows Dhcp +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Windows DHCP Server caused by a protection mechanism failure (CWE-693), allowing unauthenticated attackers to exhaust server availability without requiring authentication or user interaction. The vulnerability affects Windows DHCP Server implementations across multiple versions and has a CVSS severity of 7.5 (High). While the description does not explicitly reference KEV inclusion, active exploitation status, or EPSS data, the low attack complexity (AC:L) and network accessibility (AV:N) combined with no authentication requirements indicate this represents a credible denial-of-service threat to DHCP infrastructure.

Microsoft Windows Dhcp +6
NVD
EPSS 28% CVSS 7.5
HIGH PATCH Act Now

Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.

Microsoft Authentication Bypass Windows 10 21h2 +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

Microsoft Authentication Bypass Windows 10 1507 +14
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Privilege escalation vulnerability in Windows Recovery Driver caused by improper symlink/hardlink resolution (CWE-59: link following) that allows an authenticated local attacker to elevate privileges to SYSTEM level. The vulnerability requires user interaction and local code execution capability but provides complete system compromise once exploited. With a CVSS score of 7.3 and local attack vector, this poses significant risk to multi-user Windows systems, particularly in enterprise environments where standard users have local access.

Microsoft Windows Privilege Escalation +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.

Microsoft Windows Privilege Escalation +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).

Microsoft Windows Privilege Escalation +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.

Microsoft Windows Privilege Escalation +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.

Microsoft Buffer Overflow Windows +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Use After Free Microsoft Windows +16
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.

Microsoft Windows Use After Free +8
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.

Microsoft Windows RCE +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Windows Server 2016 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure +11
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A security vulnerability in Fortinet FortiClientWindows (CVSS 4.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Fortinet Authentication Bypass Forticlient +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

Microsoft Path Traversal Cisco +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.

Microsoft Information Disclosure SSRF +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation vulnerability in Acronis Cyber Protect 16 (Windows) caused by insecure folder permissions (CWE-732), allowing authenticated local users to escalate privileges with high confidentiality, integrity, and availability impact. The vulnerability affects Windows installations before build 39938, and while the CVSS score of 7.3 indicates significant risk, exploitation requires local access and user interaction. No public indicators confirm active exploitation in the wild or widespread POC availability at this time.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

CVE-2025-48960 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Microsoft Apple Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation vulnerability in Razer Synapse 4 (versions through 4.0.86.2502180127) affecting the razer_elevation_service.exe component. An authenticated local attacker can exploit a vulnerable COM interface to escalate from standard user privileges to SYSTEM/administrative level, gaining full control over the affected system. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access but no user interaction, making it a significant risk for multi-user systems and enterprise deployments.

Privilege Escalation Windows Synapse 4
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Microsoft Apple Denial Of Service +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A security vulnerability in Jupyter Core (CVSS 7.3) that allows users. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass Jupyter Core +2
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

PC Time Tracer versions prior to 5.2 contain an incorrect default permissions vulnerability (CWE-276) that allows local authenticated attackers to execute arbitrary code with SYSTEM privileges on Windows systems. The vulnerability requires local access and user interaction but provides complete system compromise capability. No KEV/CISA known exploited vulnerability status or public POC availability is confirmed from the provided data, though the CVSS 7.3 score and EPSS analysis should be monitored for exploitation likelihood.

RCE Privilege Escalation Windows
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.

Splunk Windows Microsoft +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Stack Overflow Buffer Overflow +4
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Google Authentication Bypass +6
NVD
EPSS 0% CVSS 3.7
LOW Monitor

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Fortinet +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Authentication Bypass +3
NVD
EPSS 0% CVSS 7.0
HIGH This Month

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration information*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Memory Corruption Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Buffer Overflow Sandboxie +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Buffer Overflow Sandboxie +1
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM Monitor

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple +2
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Race Condition Privilege Escalation +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.10.10C and. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Path Traversal Windows
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Month

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Webassembly Micro Runtime +1
NVD GitHub
EPSS 0% CVSS 3.9
LOW Monitor

Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated low severity (CVSS 3.9). No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 0% CVSS 8.7
HIGH This Month

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Microsoft Windows
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Microsoft Java +3
NVD GitHub
Prev Page 11 of 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy