Skip to main content

Windows

1584 CVEs product

Monthly

CVE-2025-23355 MEDIUM This Month

NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.

Denial Of Service RCE Nsight Graphics Windows
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-23297 HIGH This Week

NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.

Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-11233 MEDIUM PATCH This Month

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could misbehave, potentially allowing path traversal attacks or malicious filesystem operations. Rust 1.89.0 fixes the issue by handling both Win32 and Unix style paths in the standard library for the Cygwin target. While we assess the severity of this vulnerability as "medium", please note that the tier 3 Cygwin compilation target is only available when building it from source: no pre-built binaries are distributed by the Rust project, and it cannot be installed through Rustup. Unless you manually compiled the `x86_64-pc-cygwin` target you are not affected by this vulnerability. Users of the tier 1 MinGW target (`x86_64-pc-windows-gnu`) are also explicitly not affected.

Path Traversal Ubuntu Debian Red Hat Suse +1
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-41421 MEDIUM PATCH This Month

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows - in versions prior to 15.70 of TeamViewer Remote and Tensor - allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.

Authentication Bypass Windows
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-34235 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Privilege Escalation Virtual Appliance Application Virtual Appliance Host +1
NVD
CVSS 4.0
9.5
EPSS
0.3%
CVE-2025-34196 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Virtual Appliance Application Virtual Appliance Host Windows
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-41246 HIGH This Month

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. Rated high severity (CVSS 7.6). No vendor patch available.

Authentication Bypass Microsoft VMware Windows
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-59938 MEDIUM POC This Week

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Microsoft Wazuh Windows
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59844 HIGH This Month

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Windows
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-9267 HIGH This Week

In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-54081 MEDIUM POC PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Rated medium severity (CVSS 6.7). Public exploit code available.

Microsoft Information Disclosure Sunshine Windows
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-9844 HIGH This Month

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.106.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36064 MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure Sterling Connect Windows
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-9038 HIGH This Week

Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.1 and previous version. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-34195 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft Privilege Escalation Virtual Appliance Application +2
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-34194 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Virtual Appliance Application Virtual Appliance Host Windows
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34193 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft Privilege Escalation Virtual Appliance Application +2
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-59220 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53947 MEDIUM This Month

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Information Disclosure Windows
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-23336 MEDIUM Monitor

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft Triton Inference Server Windows
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-23329 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Buffer Overflow Microsoft Authentication Bypass +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23328 HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow Microsoft Denial Of Service +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-23316 CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Nvidia RCE Microsoft +4
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-59457 HIGH This Month

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamcity Windows
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-9818 MEDIUM This Month

A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-59307 HIGH This Month

RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-57625 HIGH This Month

CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59050 HIGH POC PATCH This Week

Greenshot is an open source Windows screenshot utility. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Microsoft Greenshot Windows
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-30075 LOW Monitor

In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL. Rated low severity (CVSS 2.2). No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
2.2
EPSS
0.0%
CVE-2025-10491 HIGH This Month

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking.0 version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50257 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking grants Prior to this commit, if a grant mapping operation failed partially, some of the entries in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Linux Linux Kernel Windows +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-3025 HIGH This Month

Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Path Traversal Information Disclosure Windows
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-4235 HIGH This Month

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-27233 MEDIUM This Month

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. Rated medium severity (CVSS 5.7). No vendor patch available.

Command Injection Microsoft Windows
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-8061 HIGH This Month

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated. Rated high severity (CVSS 7.3). No vendor patch available.

Lenovo Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-10231 HIGH This Month

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation N Central Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-10227 MEDIUM This Month

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One Windows
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-10226 CRITICAL This Week

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Microsoft RCE Axxon One Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-10225 HIGH This Month

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Buffer Overflow Microsoft Axxon One Windows
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-10224 MEDIUM This Month

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Axxon One Windows
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-10223 MEDIUM This Month

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One Windows
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10222 MEDIUM Monitor

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One Windows
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-10221 MEDIUM This Month

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One Windows
NVD
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-10220 CRITICAL This Week

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Microsoft Axxon One Windows
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-40979 HIGH This Month

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-10215 HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-10214 HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-10213 HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf Windows
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-59042 PyPI HIGH PATCH This Week

PyInstaller bundles a Python application and all its dependencies into a single package. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Microsoft Python Privilege Escalation +2
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-58135 MEDIUM This Month

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58134 MEDIUM Monitor

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49459 HIGH This Month

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43491 HIGH This Month

A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Poly Lens Desktop Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-10199 HIGH This Month

A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sunshine Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10198 HIGH This Month

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sunshine Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55228 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55225 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55224 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54919 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-54918 HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-54917 MEDIUM Monitor

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54916 HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54915 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-54913 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54912 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54911 HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54895 HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54116 HIGH This Week

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54115 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54114 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1607 Windows 10 21h2 +9
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54113 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54111 HIGH This Week

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54110 HIGH This Week

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54109 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54107 MEDIUM Monitor

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-54106 HIGH This Month

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54104 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54103 HIGH This Month

Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 21h2 +7
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-54102 HIGH This Month

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54101 MEDIUM Monitor

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-54099 HIGH This Week

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Stack Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-54098 HIGH This Week

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54097 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54096 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54095 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54094 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-54093 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-54092 HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54091 HIGH This Week

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53810 MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.7
EPSS
0.3%
EPSS 0% CVSS 6.7
MEDIUM This Month

NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.

Denial Of Service RCE Nsight Graphics +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.

Privilege Escalation Windows
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could misbehave, potentially allowing path traversal attacks or malicious filesystem operations. Rust 1.89.0 fixes the issue by handling both Win32 and Unix style paths in the standard library for the Cygwin target. While we assess the severity of this vulnerability as "medium", please note that the tier 3 Cygwin compilation target is only available when building it from source: no pre-built binaries are distributed by the Rust project, and it cannot be installed through Rustup. Unless you manually compiled the `x86_64-pc-cygwin` target you are not affected by this vulnerability. Users of the tier 1 MinGW target (`x86_64-pc-windows-gnu`) are also explicitly not affected.

Path Traversal Ubuntu Debian +3
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows - in versions prior to 15.70 of TeamViewer Remote and Tensor - allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information.

Authentication Bypass Windows
NVD
EPSS 0% CVSS 9.5
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Privilege Escalation +3
NVD
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Virtual Appliance Application +2
NVD
EPSS 0% CVSS 7.6
HIGH This Month

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. Rated high severity (CVSS 7.6). No vendor patch available.

Authentication Bypass Microsoft VMware +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Week

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Microsoft +2
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Month

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Windows
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM POC PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Rated medium severity (CVSS 6.7). Public exploit code available.

Microsoft Information Disclosure Sunshine +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.106.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.1 and previous version. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 8.6
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft +4
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Virtual Appliance Application +2
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft +4
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +9
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Buffer Overflow +5
NVD
EPSS 0% CVSS 7.5
HIGH This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow +4
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Nvidia +6
NVD
EPSS 0% CVSS 7.7
HIGH This Month

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamcity +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows
NVD
EPSS 0% CVSS 8.4
HIGH This Month

RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
EPSS 0% CVSS 8.8
HIGH This Month

CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

Greenshot is an open source Windows screenshot utility. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Microsoft +2
NVD GitHub
EPSS 0% CVSS 2.2
LOW Monitor

In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL. Rated low severity (CVSS 2.2). No vendor patch available.

Microsoft Information Disclosure Windows
NVD
EPSS 0% CVSS 7.8
HIGH This Month

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking.0 version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking grants Prior to this commit, if a grant mapping operation failed partially, some of the entries in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Linux +4
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Path Traversal Information Disclosure +1
NVD
EPSS 0% CVSS 7.2
HIGH This Month

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. Rated medium severity (CVSS 5.7). No vendor patch available.

Command Injection Microsoft Windows
NVD
EPSS 0% CVSS 7.3
HIGH This Month

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated. Rated high severity (CVSS 7.3). No vendor patch available.

Lenovo Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH This Month

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation N Central +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One +1
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Microsoft RCE +2
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Buffer Overflow Microsoft +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Axxon One +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One +1
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axxon One +1
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Microsoft +2
NVD
EPSS 0% CVSS 7.0
HIGH This Month

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
EPSS 0% CVSS 7.0
HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf +1
NVD
EPSS 0% CVSS 7.0
HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf +1
NVD
EPSS 0% CVSS 7.0
HIGH This Month

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Updf +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

PyInstaller bundles a Python application and all its dependencies into a single package. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Microsoft +4
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 7.3
HIGH This Month

A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Poly Lens Desktop +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sunshine +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Month

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sunshine +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition +9
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Stack Overflow +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Microsoft Race Condition +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +13
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Integer Overflow +7
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.4
HIGH This Month

Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +9
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Microsoft Stack Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 +15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Race Condition +11
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +15
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
Prev Page 7 of 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy