Skip to main content

Windows

1584 CVEs product

Monthly

CVE-2024-12863 MEDIUM This Month

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Windows
NVD
CVSS 4.0
5.6
EPSS
0.4%
CVE-2024-12862 MEDIUM This Month

Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.2-24.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-24914 HIGH This Week

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-12530 HIGH This Week

Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.4. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-43715 HIGH This Week

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-25230 HIGH This Week

Omnissa Horizon Client for Windows contains an LPE Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3619 HIGH PATCH This Week

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Buffer Overflow Heap Overflow Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32817 MEDIUM This Month

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Sonicwall Denial Of Service Windows
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-32780 HIGH This Week

BleachBit cleans files to free disk space and to maintain privacy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Windows Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-0121 MEDIUM This Month

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Paloalto Denial Of Service Windows
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2025-0120 HIGH This Week

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation Globalprotect Windows
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-23010 HIGH This Week

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sonicwall Windows
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-23009 HIGH This Week

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sonicwall Windows
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-23008 HIGH This Week

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sonicwall Windows
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-0539 MEDIUM This Month

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft SSRF Octopus Server Windows
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-29824 HIGH POC KEV THREAT CERT-EU Act Now

Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-29819 MEDIUM This Month

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Admin Center Windows
NVD
CVSS 3.1
6.2
EPSS
1.3%
CVE-2025-29812 HIGH This Week

Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-29811 HIGH This Week

Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29809 HIGH This Week

Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2025-29808 MEDIUM This Month

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2022 Windows
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-27742 MEDIUM This Month

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-27741 HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27740 HIGH This Week

Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-27739 HIGH This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-27738 MEDIUM This Month

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2025-27737 HIGH This Week

Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2025-27736 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-27735 MEDIUM This Month

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2025-27733 HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27732 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-27731 HIGH This Week

Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure SSH Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2025-27730 HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27729 HIGH This Week

Use after free in Windows Shell allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 21h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27728 HIGH This Week

Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-27727 HIGH This Week

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2025-27492 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Race Condition Windows 11 22h2 Windows 11 23h2 +5
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-27491 HIGH This Week

Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +13
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-27490 HIGH This Week

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-27486 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.1% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
33.1%
CVE-2025-27485 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.1% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
33.1%
CVE-2025-27484 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-27483 HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +5
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27481 HIGH This Week

Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-27479 HIGH Act Now

Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 39.5% and no vendor patch available.

Microsoft Authentication Bypass Windows Server 2012 Windows Server 2016 Windows Server 2019 +4
NVD
CVSS 3.1
7.5
EPSS
39.5%
CVE-2025-27478 HIGH This Week

Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-27477 HIGH This Week

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2025-27476 HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27475 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-27474 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
4.1%
CVE-2025-27473 HIGH Act Now

Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-27472 MEDIUM This Month

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows Server 2012 Windows
NVD
CVSS 3.1
5.4
EPSS
3.1%
CVE-2025-27470 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 39.5% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
39.5%
CVE-2025-27469 HIGH Act Now

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-27467 HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-26687 HIGH This Week

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Office +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26686 HIGH This Week

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-26681 MEDIUM This Month

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 21h2 +8
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-26680 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-26678 HIGH This Week

Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2025-26676 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2025-26675 HIGH This Week

Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-26674 HIGH This Week

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-26673 HIGH Act Now

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.1% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
44.1%
CVE-2025-26672 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2025-26671 HIGH This Week

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows Server 2008 +7
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-26670 HIGH CERT-EU This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-26669 HIGH This Week

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-26668 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26667 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2025-26666 HIGH This Week

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-26665 HIGH This Week

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-26664 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2025-26663 HIGH CERT-EU This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-26652 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-26651 MEDIUM This Month

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 39.8% and no vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +4
NVD
CVSS 3.1
6.5
EPSS
39.8%
CVE-2025-26649 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Race Condition Windows 11 22h2 Windows 11 23h2 +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-26648 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Information Disclosure Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-26647 HIGH This Week

Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2025-26644 MEDIUM This Month

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2025-26641 HIGH Act Now

Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-26640 HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Denial Of Service Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-26639 HIGH This Week

Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-26637 MEDIUM This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 22h2 +10
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2025-26635 MEDIUM This Month

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2025-24074 HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-24073 HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-24062 HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-24060 HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-24058 HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.9%
EPSS 0% CVSS 5.6
MEDIUM This Month

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Windows
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.2-24.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.4. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Omnissa Horizon Client for Windows contains an LPE Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Buffer Overflow +4
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Sonicwall Denial Of Service +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

BleachBit cleans files to free disk space and to maintain privacy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Windows +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Paloalto +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sonicwall +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sonicwall +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sonicwall +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft SSRF Octopus Server +1
NVD
EPSS 0% CVSS 7.8
HIGH POC KEV THREAT Act Now

Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 1% CVSS 6.2
MEDIUM This Month

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Admin Center +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 +5
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2022 +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 +10
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 +14
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 +15
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 +12
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 +13
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +8
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure SSH +11
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 1809 +9
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Windows Shell allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +8
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Race Condition +7
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Memory Corruption Microsoft +15
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +9
NVD
EPSS 33% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.1% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 +5
NVD
EPSS 33% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.1% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Stack Overflow +16
NVD
EPSS 39% CVSS 7.5
HIGH Act Now

Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 39.5% and no vendor patch available.

Microsoft Authentication Bypass Windows Server 2012 +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +16
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +16
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +11
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 +3
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 42% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 +15
NVD
EPSS 3% CVSS 5.4
MEDIUM This Month

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 +2
NVD
EPSS 39% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 39.5% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 +5
NVD
EPSS 42% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 +15
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +11
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +18
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Use After Free Memory Corruption Microsoft +10
NVD
EPSS 42% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 +5
NVD
EPSS 1% CVSS 8.4
HIGH This Week

Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 +10
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +9
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +11
NVD
EPSS 44% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.1% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 +15
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows 10 1507 +15
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +9
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +16
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +16
NVD
EPSS 5% CVSS 6.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +11
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 +7
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 42% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 +5
NVD
EPSS 40% CVSS 6.5
MEDIUM This Month

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 39.8% and no vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Race Condition +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 +7
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 +8
NVD
EPSS 42% CVSS 7.5
HIGH Act Now

Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Denial Of Service Windows 10 1809 +9
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +9
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 +12
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 +8
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 +10
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +13
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 21h2 +8
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 +10
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 +10
NVD
Prev Page 13 of 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy