Windows

Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. [CVSS 7.1 HIGH]

Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. [CVSS 4.4 MEDIUM]

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM]

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

A heap-based buffer overflow in the Windows NTFS driver allows unauthenticated local code execution, providing kernel-level access when a user mounts a crafted NTFS filesystem image. This KEV-listed vulnerability (CVE-2025-24993) targets the most widely used Windows filesystem, making it a significant threat through malicious USB drives, VHD files, or network shares.

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM] [CISA KEV - actively exploited]

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. [CVSS 6.6 MEDIUM]

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. [CVSS 6.6 MEDIUM]

An integer overflow in the Windows Fast FAT Driver allows unauthenticated local code execution through crafted FAT filesystem images. KEV-listed with public PoC, this vulnerability (CVE-2025-24985) can be triggered by mounting a malicious USB drive or VHD file, making it a potent vector for physical access attacks and social engineering scenarios.

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. [CVSS 4.6 MEDIUM] [CISA KEV - actively exploited]

A use-after-free vulnerability in the Windows Win32 Kernel Subsystem enables local privilege escalation from authorized user to SYSTEM level. This KEV-listed vulnerability (CVE-2025-24983) requires the attacker to win a race condition but has been actively exploited in targeted attacks. Microsoft has released patches for all supported Windows versions.

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM]

Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. [CVSS 7.8 HIGH]

Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network. [CVSS 8.8 HIGH]

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. [CVSS 4.3 MEDIUM]

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM] [CISA KEV - actively exploited]

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. [CVSS 8.8 HIGH]

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. [CVSS 8.1 HIGH]

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. [CVSS 8.1 HIGH]

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. [CVSS 4.3 MEDIUM]

Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. [CVSS 8.8 HIGH]

CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. [CVSS 8.0 HIGH]

A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which s a type of issue whereby sensitive information may b exposed due to a vulnerability. Rated low severity (CVSS 2.5). No vendor patch available.

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Rated high severity (CVSS 7.3). No vendor patch available.

GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.8 before < 24.8.5. Rated high severity (CVSS 7.2), this vulnerability is no authentication required. No vendor patch available.

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation. Rated medium severity (CVSS 5.4). No vendor patch available.

Use after free in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable. Rated medium severity (CVSS 5.4). No vendor patch available.

NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.7). No vendor patch available.

Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Epss exploitation probability 37.8%.

Windows Setup Files Cleanup Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation to SYSTEM, exploited in the wild in February 2025.

Windows Core Messaging Elevation of Privileges Vulnerability. Rated high severity (CVSS 7.0).

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attackers to delete targeted files, enabling privilege escalation.

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Windows Kernel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Windows Core Messaging Elevation of Privileges Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Windows Active Directory Domain Services API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Windows Kerberos Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Windows Remote Desktop Configuration Service Tampering Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Windows Deployment Services Denial of Service Vulnerability. Rated medium severity (CVSS 6.0).