Skip to main content

Windows

1584 CVEs product

Monthly

CVE-2025-0135 MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto Google Microsoft +5
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-0131 HIGH This Month

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation Windows
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-46785 MEDIUM This Month

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30667 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30666 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30665 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-20618 HIGH This Week

Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Intel Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-20108 MEDIUM This Month

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20062 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-20046 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-20039 MEDIUM This Month

Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Intel Race Condition Denial Of Service Proset Wireless Wifi +1
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-20032 HIGH This Week

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Denial Of Service Proset Wireless Wifi Windows
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-20026 HIGH This Week

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Intel Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-20006 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2024-45333 MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Authentication Bypass Denial Of Service Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-43101 MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.8). No vendor patch available.

Microsoft Intel Authentication Bypass Denial Of Service Windows
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2024-36292 HIGH This Week

Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Buffer Overflow Denial Of Service Windows
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-4660 HIGH This Month

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Secureconnector Windows
NVD
CVSS 4.0
8.7
EPSS
1.5%
CVE-2025-32709 HIGH KEV THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-32707 HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-32706 HIGH POC KEV THREAT Act Now

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2025-32701 HIGH KEV THREAT Act Now

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2025-30400 HIGH KEV THREAT Act Now

Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-30388 HIGH This Month

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Office Office Long Term Servicing Channel +16
NVD VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30385 HIGH This Month

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-29974 MEDIUM This Month

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.7
EPSS
1.1%
CVE-2025-29969 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-29966 HIGH This Month

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Remote Desktop Windows App +16
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2025-29964 HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-29963 HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-29962 HIGH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-29961 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2025-29960 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2025-29959 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
5.1%
CVE-2025-29958 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
5.1%
CVE-2025-29957 MEDIUM This Month

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.2
EPSS
1.2%
CVE-2025-29956 MEDIUM This Month

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-29955 MEDIUM This Month

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 11 24h2 Windows Server 2022 23h2 Windows Server 2025 +1
NVD
CVSS 3.1
6.2
EPSS
1.1%
CVE-2025-29954 MEDIUM This Month

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2025-29840 HIGH This Week

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Stack Overflow Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2025-29839 MEDIUM This Month

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
4.0
EPSS
0.8%
CVE-2025-29838 HIGH This Week

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-29837 MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2025-29836 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2025-29835 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2025-29833 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-29832 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2025-29830 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2025-29829 MEDIUM This Month

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2025-27488 MEDIUM This Month

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows Hardware Lab Kit Windows
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2025-27468 HIGH This Month

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-24063 HIGH This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-35471 HIGH POC PATCH This Month

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft OpenSSL RCE Miniforge Openssl Feedstock +1
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-43005 MEDIUM This Month

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure SAP Windows
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-4540 HIGH POC This Month

A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Microsoft Information Disclosure C Lodop Windows
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-4525 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Discord Windows
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-9524 HIGH This Week

Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-13962 HIGH This Week

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13961 HIGH This Month

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13960 HIGH This Month

Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13959 HIGH This Month

Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13944 HIGH This Month

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13759 HIGH This Month

Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26169 HIGH This Week

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-46735 Go LOW Monitor

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Hashicorp Windows
NVD GitHub
CVSS 4.0
1.1
EPSS
0.3%
CVE-2025-1493 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Race Condition Denial Of Service Db2 +1
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-1000 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-0915 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-46335 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS Apple Mobile Security Framework +3
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-1992 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-52903 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-4178 MEDIUM POC This Month

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical.java of the component File Upload API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal File Upload Java Java Server +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-23246 MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23245 MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37750 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Microsoft +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-46619 HIGH This Week

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Couchbase Server Windows
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2025-3599 MEDIUM This Month

Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Symantec Eraser Engine Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-3224 HIGH This Week

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Microsoft Docker Privilege Escalation Desktop Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-42598 HIGH This Week

Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Windows
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-31144 MEDIUM This Month

Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-26692 CRITICAL Act Now

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Path Traversal Windows
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2025-3928 HIGH KEV THREAT Act Now

Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongside CVE-2025-34028 for comprehensive backup infrastructure compromise.

Microsoft Information Disclosure Commvault Windows
NVD
CVSS 4.0
8.7
EPSS
16.6%
CVE-2025-43858 NuGet CRITICAL PATCH Act Now

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. Rated critical severity (CVSS 9.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Windows
NVD GitHub
CVSS 3.1
9.2
EPSS
0.2%
CVE-2025-30409 MEDIUM This Month

Denial of service due to allocation of resources without limits. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2025-30408 MEDIUM This Month

Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 6.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2025-23253 LOW Monitor

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

OpenSSL Information Disclosure Nvidia RCE Denial Of Service +2
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2024-40445 HIGH This Week

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Path Traversal Mimetex Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-57394 HIGH POC This Week

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Tianqing Endpoint Security Management System Windows
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-43922 HIGH This Week

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-12543 MEDIUM This Month

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
5.9
EPSS
0.2%
EPSS 0% CVSS 5.2
MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto +7
NVD
EPSS 0% CVSS 7.1
HIGH This Month

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Denial Of Service +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +7
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Intel Buffer Overflow +4
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Privilege Escalation +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Intel +4
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel +4
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Intel Race Condition +3
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Denial Of Service +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Intel Buffer Overflow +4
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel +4
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Authentication Bypass +2
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.8). No vendor patch available.

Microsoft Intel Authentication Bypass +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Buffer Overflow +2
NVD
EPSS 2% CVSS 8.7
HIGH This Month

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +2
NVD
EPSS 1% CVSS 7.8
HIGH KEV THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.

Use After Free Memory Corruption Microsoft +17
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +8
NVD
EPSS 1% CVSS 7.8
HIGH POC KEV THREAT Act Now

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 2% CVSS 7.8
HIGH KEV THREAT Act Now

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 1% CVSS 7.8
HIGH KEV THREAT Act Now

Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day.

Use After Free Memory Corruption Microsoft +12
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +18
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +16
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 2% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +18
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +11
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +16
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 5% CVSS 6.5
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 5% CVSS 6.5
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 1% CVSS 6.2
MEDIUM This Month

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 +15
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Buffer Overflow Windows 10 1507 +15
NVD
EPSS 1% CVSS 6.2
MEDIUM This Month

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 11 24h2 +3
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 +13
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Stack Overflow +12
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +3
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 +14
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +13
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows Hardware Lab Kit +1
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation Windows 10 1507 +14
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +16
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Month

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft OpenSSL RCE +3
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure SAP +1
NVD
EPSS 0% CVSS 7.3
HIGH POC This Month

A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Microsoft Information Disclosure C Lodop +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Discord +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 1.1
LOW Monitor

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Hashicorp +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Race Condition +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS +5
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical.java of the component File Upload API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal File Upload +3
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Nvidia Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +6
NVD
EPSS 0% CVSS 7.6
HIGH This Week

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Couchbase Server +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Symantec Eraser Engine +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Microsoft Docker Privilege Escalation +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 1% CVSS 9.2
CRITICAL Act Now

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Path Traversal +1
NVD
EPSS 17% CVSS 8.7
HIGH KEV THREAT Act Now

Commvault Web Server allows authenticated remote attackers to create and execute webshells, exploited in the wild alongside CVE-2025-34028 for comprehensive backup infrastructure compromise.

Microsoft Information Disclosure Commvault +1
NVD
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. Rated critical severity (CVSS 9.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Windows
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial of service due to allocation of resources without limits. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 6.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 2.5
LOW Monitor

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

OpenSSL Information Disclosure Nvidia +4
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Tianqing Endpoint Security Management System +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
Prev Page 12 of 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy