threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft windows 10 1507
Product
microsoft windows 10 1507
500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-64680
< 10.0.10240.21161
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-64679
< 10.0.10240.21161
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-62209
< 10.0.10240.21161
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information
5.5
MEDIUM
CVE-2025-62208
< 10.0.10240.21161
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information
5.5
MEDIUM
CVE-2025-59295
< 10.0.10240.21161
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-59294
< 10.0.10240.21161
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose inf
2.1
LOW
CVE-2025-59282
< 10.0.10240.21161
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unautho
7.0
HIGH
CVE-2025-59280
< 10.0.10240.21161
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
3.1
LOW
CVE-2025-59278
< 10.0.10240.21161
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileg
7.8
HIGH
CVE-2025-59277
< 10.0.10240.21161
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileg
7.8
HIGH
CVE-2025-59275
< 10.0.10240.21161
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileg
7.8
HIGH
CVE-2025-59259
< 10.0.10240.21161
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny servic
6.5
MEDIUM
CVE-2025-59254
< 10.0.10240.21161
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-59253
< 10.0.10240.21161
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
5.5
MEDIUM
CVE-2025-59244
< 10.0.10240.21161
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
6.5
MEDIUM
CVE-2025-59242
< 10.0.10240.21161
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges lo
7.8
HIGH
CVE-2025-59230
< 10.0.10240.21161
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-59214
< 10.0.10240.21161
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spo
6.5
MEDIUM
CVE-2025-59211
< 10.0.10240.21161
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disc
5.5
MEDIUM
CVE-2025-59209
< 10.0.10240.21161
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disc
5.5
MEDIUM
CVE-2025-59208
< 10.0.10240.21161
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.
7.1
HIGH
CVE-2025-59205
< 10.0.10240.21161
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows
7.0
HIGH
CVE-2025-59203
< 10.0.10240.21161
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose informat
5.5
MEDIUM
CVE-2025-59201
< 10.0.10240.21161
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-59200
< 10.0.10240.21161
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows
7.7
HIGH
CVE-2025-59198
< 10.0.10240.21161
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
5.0
MEDIUM
CVE-2025-59197
< 10.0.10240.21161
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information loca
5.5
MEDIUM
CVE-2025-59196
< 10.0.10240.21161
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an auth
7.0
HIGH
CVE-2025-59192
< 10.0.10240.21161
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-59190
< 10.0.10240.21161
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.
5.5
MEDIUM
CVE-2025-59187
< 10.0.10240.21161
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-59185
< 10.0.10240.21161
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
6.5
MEDIUM
CVE-2025-58739
< 10.0.10240.21161
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spo
6.5
MEDIUM
CVE-2025-58738
< 10.0.10240.21161
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-58736
< 10.0.10240.21161
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-58735
< 10.0.10240.21161
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-58734
< 10.0.10240.21161
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-58733
< 10.0.10240.21161
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-58732
< 10.0.10240.21161
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-58730
< 10.0.10240.21161
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-58729
< 10.0.10240.21161
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny servic
6.5
MEDIUM
CVE-2025-58726
< 10.0.10240.21161
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
7.5
HIGH
CVE-2025-58725
< 10.0.10240.21161
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-58718
< 10.0.10240.21161
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-58717
< 10.0.10240.21161
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
6.5
MEDIUM
CVE-2025-58716
< 10.0.10240.21161
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
8.8
HIGH
CVE-2025-58715
< 10.0.10240.21161
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
8.8
HIGH
CVE-2025-58714
< 10.0.10240.21161
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges local
7.8
HIGH
CVE-2025-55701
< 10.0.10240.21161
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-55700
< 10.0.10240.21161
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
6.5
MEDIUM
CVE-2025-55699
< 10.0.10240.21161
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information
5.5
MEDIUM
CVE-2025-55695
< 10.0.10240.21161
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-55692
< 10.0.10240.21161
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-55687
< 10.0.10240.21161
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS
7.4
HIGH
CVE-2025-55678
< 10.0.10240.21161
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-55338
< 10.0.10240.21161
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physica
6.1
MEDIUM
CVE-2025-55335
< 10.0.10240.21161
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
7.4
HIGH
CVE-2025-55333
< 10.0.10240.21161
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with
6.1
MEDIUM
CVE-2025-55328
< 10.0.10240.21161
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorize
7.8
HIGH
CVE-2025-55325
< 10.0.10240.21161
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-53768
< 10.0.10240.21161
Use after free in Xbox allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-50152
< 10.0.10240.21161
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-25004
< 10.0.10240.21161
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-24990
< 10.0.10240.21161
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating s
7.8
HIGH
CVE-2025-24052
< 10.0.10240.21161
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating s
7.8
HIGH
CVE-2025-55234
< 10.0.10240.21128
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vuln
8.8
HIGH
CVE-2025-55226
< 10.0.10240.21128
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorize
6.7
MEDIUM
CVE-2025-54918
< 10.0.10240.21128
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
8.8
HIGH
CVE-2025-54917
< 10.0.10240.21128
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
4.3
MEDIUM
CVE-2025-54916
< 10.0.10240.21128
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
7.8
HIGH
CVE-2025-54915
< 10.0.10240.21128
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker t
6.7
MEDIUM
CVE-2025-54913
< 10.0.10240.21128
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSett
7.8
HIGH
CVE-2025-54912
< 10.0.10240.21128
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-54911
< 10.0.10240.21128
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-54895
< 10.0.10240.21128
Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-54894
< 10.0.10240.21128
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2025-54116
< 10.0.10240.21128
Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-54112
< 10.0.10240.21128
Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-54111
< 10.0.10240.21128
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-54110
< 10.0.10240.21128
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
8.8
HIGH
CVE-2025-54109
< 10.0.10240.21128
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker t
6.7
MEDIUM
CVE-2025-54107
< 10.0.10240.21128
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over
4.3
MEDIUM
CVE-2025-54104
< 10.0.10240.21128
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker t
6.7
MEDIUM
CVE-2025-54101
< 10.0.10240.21128
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
4.8
MEDIUM
CVE-2025-54099
< 10.0.10240.21128
Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges l
7.0
HIGH
CVE-2025-54098
< 10.0.10240.21128
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-54094
< 10.0.10240.21128
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker t
6.7
MEDIUM
CVE-2025-54093
< 10.0.10240.21128
Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-54091
< 10.0.10240.21128
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-53810
< 10.0.10240.21128
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker t
6.7
MEDIUM
CVE-2025-53808
< 10.0.10240.21128
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker t
6.7
MEDIUM
CVE-2025-53804
< 10.0.10240.21128
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information
5.5
MEDIUM
CVE-2025-53803
< 10.0.10240.21128
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose informati
5.5
MEDIUM
CVE-2025-53801
< 10.0.10240.21128
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-53799
< 10.0.10240.21128
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-55230
< 10.0.10240.21073
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-55229
< 10.0.10240.21014
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over
5.3
MEDIUM
CVE-2025-53789
< 10.0.10240.21073
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges lo
7.8
HIGH
CVE-2025-53778
< 10.0.10240.21100
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
8.8
HIGH
CVE-2025-53766
< 10.0.10240.21100
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
9.8
CRITICAL
CVE-2025-53726
< 10.0.10240.21100
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to eleva
7.8
HIGH
CVE-2025-53725
< 10.0.10240.21100
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to eleva
7.8
HIGH
CVE-2025-53724
< 10.0.10240.21100
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to eleva
7.8
HIGH
CVE-2025-53723
< 10.0.10240.21100
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-53722
< 10.0.10240.21100
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a networ
7.5
HIGH
CVE-2025-53718
< 10.0.10240.21100
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-53155
< 10.0.10240.21100
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-53154
< 10.0.10240.21100
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca
7.8
HIGH
CVE-2025-53152
< 10.0.10240.21100
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.
7.8
HIGH
CVE-2025-53149
< 10.0.10240.21100
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locall
7.8
HIGH
CVE-2025-53147
< 10.0.10240.21100
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-53145
< 10.0.10240.21100
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute
8.8
HIGH
CVE-2025-53144
< 10.0.10240.21100
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute
8.8
HIGH
CVE-2025-53143
< 10.0.10240.21100
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute
8.8
HIGH
CVE-2025-53141
< 10.0.10240.21100
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca
7.8
HIGH
CVE-2025-53140
< 10.0.10240.21100
Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-53137
< 10.0.10240.21100
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-53136
< 10.0.10240.21100
Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose infor
5.5
MEDIUM
CVE-2025-53135
< 10.0.10240.21100
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorize
7.0
HIGH
CVE-2025-53134
< 10.0.10240.21100
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver f
7.0
HIGH
CVE-2025-53132
< 10.0.10240.21100
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an aut
7.8
HIGH
CVE-2025-50177
< 10.0.10240.21100
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
8.1
HIGH
CVE-2025-50173
< 10.0.10240.21100
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-50167
< 10.0.10240.21100
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorize
7.0
HIGH
CVE-2025-50166
< 10.0.10240.21100
Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose informatio
6.5
MEDIUM
CVE-2025-50161
< 10.0.10240.21100
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-50159
< 10.0.10240.21100
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-50158
< 10.0.10240.21100
Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.
7.0
HIGH
CVE-2025-50155
< 10.0.10240.21100
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to eleva
7.8
HIGH
CVE-2025-50154
< 10.0.10240.21100
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spo
6.5
MEDIUM
CVE-2025-50153
< 10.0.10240.21100
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49762
< 10.0.10240.21100
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver f
7.0
HIGH
CVE-2025-49761
< 10.0.10240.21100
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49743
< 10.0.10240.21100
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows
6.7
MEDIUM
CVE-2025-49760
< 10.0.10240.21073
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.
3.5
LOW
CVE-2025-49744
< 10.0.10240.21073
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-49742
< 10.0.10240.21073
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
7.8
HIGH
CVE-2025-49740
< 10.0.10240.21073
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
8.8
HIGH
CVE-2025-49732
< 10.0.10240.21073
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49730
< 10.0.10240.21073
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate priv
7.8
HIGH
CVE-2025-49727
< 10.0.10240.21073
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-49722
< 10.0.10240.21073
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjace
5.7
MEDIUM
CVE-2025-49721
< 10.0.10240.21073
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49691
< 10.0.10240.21073
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
8.0
HIGH
CVE-2025-49689
< 10.0.10240.21073
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49687
< 10.0.10240.21073
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
8.8
HIGH
CVE-2025-49686
< 10.0.10240.21073
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49684
< 10.0.10240.21073
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-49683
< 10.0.10240.21073
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-49680
< 10.0.10240.21073
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to de
7.3
HIGH
CVE-2025-49679
< 10.0.10240.21073
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49678
< 10.0.10240.21073
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-49675
< 10.0.10240.21073
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49667
< 10.0.10240.21073
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49665
< 10.0.10240.21073
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authoriz
7.8
HIGH
CVE-2025-49664
< 10.0.10240.21073
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacke
5.5
MEDIUM
CVE-2025-49661
< 10.0.10240.21073
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges
7.8
HIGH
CVE-2025-49660
< 10.0.10240.21073
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49659
< 10.0.10240.21073
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-49658
< 10.0.10240.21073
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-48823
< 10.0.10240.21073
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
5.9
MEDIUM
CVE-2025-48821
< 10.0.10240.21073
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an a
7.1
HIGH
CVE-2025-48820
< 10.0.10240.21073
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to
7.8
HIGH
CVE-2025-48819
< 10.0.10240.21073
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized atta
7.1
HIGH
CVE-2025-48818
< 10.0.10240.21073
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security featur
6.8
MEDIUM
CVE-2025-48817
< 10.0.10240.21073
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-48816
< 10.0.10240.21073
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-48815
< 10.0.10240.21073
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate pri
7.8
HIGH
CVE-2025-48811
< 10.0.10240.21073
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevat
6.7
MEDIUM
CVE-2025-48808
< 10.0.10240.21073
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information
5.5
MEDIUM
CVE-2025-48806
< 10.0.10240.21073
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
7.8
HIGH
CVE-2025-48805
< 10.0.10240.21073
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
7.8
HIGH
CVE-2025-48804
< 10.0.10240.21073
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a securit
6.8
MEDIUM
CVE-2025-48803
< 10.0.10240.21073
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevat
6.7
MEDIUM
CVE-2025-48800
< 10.0.10240.21073
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical att
6.8
MEDIUM
CVE-2025-48001
< 10.0.10240.21073
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security featur
6.8
MEDIUM
CVE-2025-47996
< 10.0.10240.21073
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally
7.8
HIGH
CVE-2025-47987
< 10.0.10240.21073
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-47986
< 10.0.10240.21073
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
8.8
HIGH
CVE-2025-47985
< 10.0.10240.21073
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-47984
< 10.0.10240.21073
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
7.5
HIGH
CVE-2025-47981
< 10.0.10240.21073
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
9.8
CRITICAL
CVE-2025-47980
< 10.0.10240.21073
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclos
6.2
MEDIUM
CVE-2025-47976
< 10.0.10240.21073
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-47975
< 10.0.10240.21073
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-47973
< 10.0.10240.21073
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-47972
< 10.0.10240.21073
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME)
8.0
HIGH
CVE-2025-47971
< 10.0.10240.21073
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-47159
< 10.0.10240.21073
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privi
7.8
HIGH
CVE-2025-47955
< 10.0.10240.21014
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges loca
7.8
HIGH
CVE-2025-47160
< 10.0.10240.21034
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
5.4
MEDIUM
CVE-2025-33075
< 10.0.10240.21034
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privi
7.8
HIGH
CVE-2025-33073
< 10.0.10240.21034
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
8.8
HIGH
CVE-2025-33070
< 10.0.10240.21034
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
8.1
HIGH
CVE-2025-33067
< 10.0.10240.21034
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
8.4
HIGH
CVE-2025-33066
< 10.0.10240.21034
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code ove
8.8
HIGH
CVE-2025-33065
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-33064
< 10.0.10240.21034
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over
8.8
HIGH
CVE-2025-33060
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-33059
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-33058
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-33057
< 10.0.10240.21034
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
6.5
MEDIUM
CVE-2025-33056
< 10.0.10240.21034
Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over
7.5
HIGH
CVE-2025-33055
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-33053
< 10.0.10240.21034
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-32724
< 10.0.10240.21034
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to
7.5
HIGH
CVE-2025-32722
< 10.0.10240.21034
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-32721
< 10.0.10240.21034
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate
7.3
HIGH
CVE-2025-32720
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-32719
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-32718
< 10.0.10240.21034
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-32716
< 10.0.10240.21034
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-32715
< 10.0.10240.21034
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
6.5
MEDIUM
CVE-2025-32714
< 10.0.10240.21034
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-32713
< 10.0.10240.21034
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-32712
< 10.0.10240.21034
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-24069
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-24068
< 10.0.10240.21034
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-24065
< 10.0.10240.21034
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-47827
< 10.0.10240.21161
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signatu
4.6
MEDIUM
CVE-2025-32709
< 10.0.10240.21014
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca
7.8
HIGH
CVE-2025-32707
< 10.0.10240.21014
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-32706
< 10.0.10240.21014
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-32701
< 10.0.10240.21014
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-30397
< 10.0.10240.21014
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to exe
7.5
HIGH
CVE-2025-30388
< 10.0.10240.21014
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-29974
< 10.0.10240.21014
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent
5.7
MEDIUM
CVE-2025-29969
< 10.0.10240.21014
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a net
7.5
HIGH
CVE-2025-29967
< 10.0.10240.21014
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-29966
< 10.0.10240.21014
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-29962
< 10.0.10240.21014
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-29961
< 10.0.10240.21014
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
6.5
MEDIUM
CVE-2025-29960
< 10.0.10240.21014
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
6.5
MEDIUM
CVE-2025-29959
< 10.0.10240.21014
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose info
6.5
MEDIUM
CVE-2025-29958
< 10.0.10240.21014
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose info
6.5
MEDIUM
CVE-2025-29957
< 10.0.10240.21014
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
6.2
MEDIUM
CVE-2025-29956
< 10.0.10240.21014
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
5.4
MEDIUM
CVE-2025-29954
< 10.0.10240.21014
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny
5.9
MEDIUM
CVE-2025-29842
< 10.0.10240.21014
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature o
7.5
HIGH
CVE-2025-29840
< 10.0.10240.21014
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-29839
< 10.0.10240.21014
Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.
4.0
MEDIUM
CVE-2025-29837
< 10.0.10240.21014
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose info
5.5
MEDIUM
CVE-2025-29836
< 10.0.10240.21014
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
6.5
MEDIUM
CVE-2025-29835
< 10.0.10240.21014
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
6.5
MEDIUM
CVE-2025-29833
< 10.0.10240.21014
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code l
7.7
HIGH
CVE-2025-29832
< 10.0.10240.21014
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
6.5
MEDIUM
CVE-2025-29830
< 10.0.10240.21014
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose info
6.5
MEDIUM
CVE-2025-29829
< 10.0.10240.21014
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information lo
5.5
MEDIUM
CVE-2025-27468
< 10.0.10240.21014
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-24063
< 10.0.10240.21014
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-29824
< 10.0.10240.20978
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-29810
< 10.0.10240.20978
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
7.5
HIGH
CVE-2025-29809
< 10.0.10240.20978
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
7.1
HIGH
CVE-2025-27742
all versions
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-27741
< 10.0.10240.20978
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-27738
< 10.0.10240.20978
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a netwo
6.5
MEDIUM
CVE-2025-27737
< 10.0.10240.20978
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
8.6
HIGH
CVE-2025-27735
< 10.0.10240.20978
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacke
6.0
MEDIUM
CVE-2025-27733
< 10.0.10240.20978
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-27732
< 10.0.10240.20978
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges lo
7.0
HIGH
CVE-2025-27727
< 10.0.10240.20978
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privi
7.8
HIGH
CVE-2025-27491
< 10.0.10240.20978
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.
7.1
HIGH
CVE-2025-27487
< 10.0.10240.20978
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
8.0
HIGH
CVE-2025-27484
< 10.0.10240.20978
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized atta
7.5
HIGH
CVE-2025-27483
< 10.0.10240.20978
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-27481
< 10.0.10240.20978
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-27478
< 10.0.10240.20978
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-27477
< 10.0.10240.20978
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-27473
< 10.0.10240.20978
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
7.5
HIGH
CVE-2025-27472
< 10.0.10240.20978
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a
5.4
MEDIUM
CVE-2025-27471
< 10.0.10240.20978
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service
5.9
MEDIUM
CVE-2025-27469
< 10.0.10240.20978
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny
7.5
HIGH
CVE-2025-26688
< 10.0.10240.20978
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-26687
< 10.0.10240.20978
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
7.5
HIGH
CVE-2025-26686
< 10.0.10240.20978
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a networ
7.5
HIGH
CVE-2025-26679
< 10.0.10240.20978
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-26673
< 10.0.10240.20978
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny
7.5
HIGH
CVE-2025-26672
< 10.0.10240.20978
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over
6.5
MEDIUM
CVE-2025-26670
< 10.0.10240.20978
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a netw
8.1
HIGH
CVE-2025-26669
< 10.0.10240.20978
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information ove
8.8
HIGH
CVE-2025-26668
< 10.0.10240.20978
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code ove
7.5
HIGH
CVE-2025-26665
< 10.0.10240.20978
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges loc
7.0
HIGH
CVE-2025-26663
< 10.0.10240.20978
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a netw
8.1
HIGH
CVE-2025-26648
< 10.0.10240.20978
Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-26641
< 10.0.10240.20978
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network
7.5
HIGH
CVE-2025-26637
< 10.0.10240.20978
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical att
6.8
MEDIUM
CVE-2025-24073
< 10.0.10240.20978
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-21222
< 10.0.10240.20978
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-21221
< 10.0.10240.20978
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-21205
< 10.0.10240.20978
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-21204
< 10.0.10240.20978
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate pr
7.8
HIGH
CVE-2025-21197
< 10.0.10240.20978
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the a
6.5
MEDIUM
CVE-2025-21191
< 10.0.10240.20978
Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to eleva
7.0
HIGH
CVE-2025-26645
< 10.0.10240.20947
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-26634
< 10.0.10240.20915
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
7.5
HIGH
CVE-2025-26633
< 10.0.10240.20947
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
7.0
HIGH
CVE-2025-24996
< 10.0.10240.20947
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
6.5
MEDIUM
CVE-2025-24995
< 10.0.10240.20947
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locall
7.8
HIGH
CVE-2025-24993
< 10.0.10240.20947
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-24992
< 10.0.10240.20947
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-24991
< 10.0.10240.20947
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-24988
< 10.0.10240.20947
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
6.6
MEDIUM
CVE-2025-24987
< 10.0.10240.20947
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
6.6
MEDIUM
CVE-2025-24985
< 10.0.10240.20947
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-24984
< 10.0.10240.20947
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a ph
4.6
MEDIUM
CVE-2025-24983
< 10.0.10240.20947
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
7.0
HIGH
CVE-2025-24072
< 10.0.10240.20947
Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-24071
< 10.0.10240.20947
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spo
6.5
MEDIUM
CVE-2025-24067
< 10.0.10240.20947
Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-24066
< 10.0.10240.20947
Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-24061
< 10.0.10240.20947
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locall
7.8
HIGH
CVE-2025-24059
< 10.0.10240.20947
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privi
7.8
HIGH
CVE-2025-24056
< 10.0.10240.20947
Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
8.8
HIGH
CVE-2025-24055
< 10.0.10240.20947
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
4.3
MEDIUM
CVE-2025-24054
< 10.0.10240.20947
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
6.5
MEDIUM
CVE-2025-24051
< 10.0.10240.20947
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code ove
8.8
HIGH
CVE-2025-24046
< 10.0.10240.20947
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-24044
< 10.0.10240.20947
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2025-24035
< 10.0.10240.20947
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute c
8.1
HIGH
CVE-2025-21247
< 10.0.10240.20947
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over
4.3
MEDIUM
CVE-2025-21180
< 10.0.10240.20947
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-21420
< 10.0.10240.20915
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2025-21419
< 10.0.10240.20915
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
7.1
HIGH
CVE-2025-21414
< 10.0.10240.20915
Windows Core Messaging Elevation of Privileges Vulnerability
7.0
HIGH
CVE-2025-21407
< 10.0.10240.20915
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21406
< 10.0.10240.20915
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21391
< 10.0.10240.20915
Windows Storage Elevation of Privilege Vulnerability
7.1
HIGH
CVE-2025-21377
< 10.0.10240.20915
NTLM Hash Disclosure Spoofing Vulnerability
6.5
MEDIUM
CVE-2025-21376
< 10.0.10240.20915
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
8.1
HIGH
CVE-2025-21375
< 10.0.10240.20915
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2025-21373
< 10.0.10240.20915
Windows Installer Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2025-21371
< 10.0.10240.20915
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21369
< 10.0.10240.20915
Microsoft Digest Authentication Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21368
< 10.0.10240.20915
Microsoft Digest Authentication Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21359
< 10.0.10240.20915
Windows Kernel Security Feature Bypass Vulnerability
7.8
HIGH
CVE-2025-21358
< 10.0.10240.20915
Windows Core Messaging Elevation of Privileges Vulnerability
7.8
HIGH
CVE-2025-21352
< 10.0.10240.20915
Internet Connection Sharing (ICS) Denial of Service Vulnerability
6.5
MEDIUM
CVE-2025-21350
< 10.0.10240.20915
Windows Kerberos Denial of Service Vulnerability
5.9
MEDIUM
CVE-2025-21349
< 10.0.10240.20915
Windows Remote Desktop Configuration Service Tampering Vulnerability
6.8
MEDIUM
CVE-2025-21347
< 10.0.10240.20915
Windows Deployment Services Denial of Service Vulnerability
6.0
MEDIUM
CVE-2025-21337
< 10.0.10240.20915
Windows NTFS Elevation of Privilege Vulnerability
3.3
LOW
CVE-2025-21201
< 10.0.10240.20915
Windows Telephony Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21200
< 10.0.10240.20915
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21190
< 10.0.10240.20915
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21184
< 10.0.10240.20915
Windows Core Messaging Elevation of Privileges Vulnerability
7.0
HIGH
CVE-2025-21181
< 10.0.10240.20915
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21417
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21413
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21411
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21409
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21389
< 10.0.10240.20890
Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny se
7.5
HIGH
CVE-2025-21378
< 10.0.10240.20890
Windows CSC Service Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2025-21374
< 10.0.10240.20890
Windows CSC Service Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2025-21341
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21339
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21338
< 10.0.10240.20890
GDI+ Remote Code Execution Vulnerability
7.8
HIGH
CVE-2025-21336
< 10.0.10240.20890
Windows Cryptographic Information Disclosure Vulnerability
5.6
MEDIUM
CVE-2025-21332
< 10.0.10240.20890
MapUrlToZone Security Feature Bypass Vulnerability
4.3
MEDIUM
CVE-2025-21331
< 10.0.10240.20890
Windows Installer Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2025-21329
< 10.0.10240.20890
MapUrlToZone Security Feature Bypass Vulnerability
4.3
MEDIUM
CVE-2025-21328
< 10.0.10240.20890
MapUrlToZone Security Feature Bypass Vulnerability
4.3
MEDIUM
CVE-2025-21327
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21324
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21323
< 10.0.10240.20890
Windows Kernel Memory Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2025-21321
< 10.0.10240.20890
Windows Kernel Memory Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2025-21320
< 10.0.10240.20890
Windows Kernel Memory Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2025-21319
< 10.0.10240.20890
Windows Kernel Memory Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2025-21318
< 10.0.10240.20890
Windows Kernel Memory Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2025-21316
< 10.0.10240.20890
Windows Kernel Memory Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2025-21312
< 10.0.10240.20890
Windows Smart Card Reader Information Disclosure Vulnerability
2.4
LOW
CVE-2025-21310
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21308
< 10.0.10240.20890
Windows Themes Spoofing Vulnerability
6.5
MEDIUM
CVE-2025-21307
< 10.0.10240.20890
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
9.8
CRITICAL
CVE-2025-21306
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21305
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21303
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21302
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21301
< 10.0.10240.20890
Windows Geolocation Service Information Disclosure Vulnerability
6.5
MEDIUM
CVE-2025-21300
< 10.0.10240.20890
Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21299
< 10.0.10240.20890
Windows Kerberos Security Feature Bypass Vulnerability
7.1
HIGH
CVE-2025-21298
< 10.0.10240.20890
Windows OLE Remote Code Execution Vulnerability
9.8
CRITICAL
CVE-2025-21296
< 10.0.10240.20890
BranchCache Remote Code Execution Vulnerability
7.5
HIGH
CVE-2025-21295
< 10.0.10240.20890
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
8.1
HIGH
CVE-2025-21294
< 10.0.10240.20890
Microsoft Digest Authentication Remote Code Execution Vulnerability
8.1
HIGH
CVE-2025-21293
< 10.0.10240.20890
Active Directory Domain Services Elevation of Privilege Vulnerability
8.8
HIGH
CVE-2025-21290
< 10.0.10240.20890
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21289
< 10.0.10240.20890
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21288
< 10.0.10240.20890
Windows COM Server Information Disclosure Vulnerability
6.5
MEDIUM
CVE-2025-21287
< 10.0.10240.20890
Windows Installer Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2025-21286
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21285
< 10.0.10240.20890
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21284
< 10.0.10240.20890
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
5.5
MEDIUM
CVE-2025-21282
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21281
< 10.0.10240.20890
Microsoft COM for Windows Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2025-21280
< 10.0.10240.20890
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
5.5
MEDIUM
CVE-2025-21278
< 10.0.10240.20890
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
6.2
MEDIUM
CVE-2025-21277
< 10.0.10240.20890
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21276
< 10.0.10240.20890
Windows MapUrlToZone Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21274
< 10.0.10240.20890
Windows Event Tracing Denial of Service Vulnerability
5.5
MEDIUM
CVE-2025-21273
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21272
< 10.0.10240.20890
Windows COM Server Information Disclosure Vulnerability
6.5
MEDIUM
CVE-2025-21270
< 10.0.10240.20890
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21269
< 10.0.10240.20890
Windows HTML Platforms Security Feature Bypass Vulnerability
4.3
MEDIUM
CVE-2025-21268
< 10.0.10240.20890
MapUrlToZone Security Feature Bypass Vulnerability
4.3
MEDIUM
CVE-2025-21266
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21265
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21263
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21261
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21260
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21258
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21256
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21255
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21252
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21251
< 10.0.10240.20890
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21250
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21249
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21248
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21246
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21245
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21244
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21243
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21242
< 10.0.10240.20890
Windows Kerberos Information Disclosure Vulnerability
5.9
MEDIUM
CVE-2025-21241
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21240
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21239
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21238
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21237
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21236
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21233
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21232
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21231
< 10.0.10240.20890
IP Helper Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21230
< 10.0.10240.20890
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2025-21229
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21228
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21227
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21226
< 10.0.10240.20890
Windows Digital Media Elevation of Privilege Vulnerability
6.6
MEDIUM
CVE-2025-21223
< 10.0.10240.20890
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21220
< 10.0.10240.20890
Microsoft Message Queuing Information Disclosure Vulnerability
7.5
HIGH
CVE-2025-21219
< 10.0.10240.20890
MapUrlToZone Security Feature Bypass Vulnerability
4.3
MEDIUM
CVE-2025-21217
< 10.0.10240.20890
Windows NTLM Spoofing Vulnerability
6.5
MEDIUM
CVE-2025-21215
< 10.0.10240.20890
Secure Boot Security Feature Bypass Vulnerability
4.6
MEDIUM
CVE-2025-21214
< 10.0.10240.20890
Windows BitLocker Information Disclosure Vulnerability
4.2
MEDIUM
CVE-2025-21213
< 10.0.10240.20890
Secure Boot Security Feature Bypass Vulnerability
4.6
MEDIUM
CVE-2025-21211
< 10.0.10240.20890
Secure Boot Security Feature Bypass Vulnerability
6.8
MEDIUM
CVE-2025-21210
< 10.0.10240.20890
Windows BitLocker Information Disclosure Vulnerability
4.2
MEDIUM
CVE-2025-21202
< 10.0.10240.20890
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
6.1
MEDIUM
CVE-2025-21189
< 10.0.10240.20890
MapUrlToZone Security Feature Bypass Vulnerability
4.3
MEDIUM
CVE-2024-49138
< 10.0.10240.20857
Windows Common Log File System Driver Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-49127
< 10.0.10240.20857
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-49126
< 10.0.10240.20857
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-49124
< 10.0.10240.20857
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-49122
< 10.0.10240.20857
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-49121
< 10.0.10240.20857
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
7.5
HIGH
CVE-2024-49118
< 10.0.10240.20857
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-49113
< 10.0.10240.20857
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
7.5
HIGH
CVE-2024-49112
< 10.0.10240.20857
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
9.8
CRITICAL
CVE-2024-49107
< 10.0.10240.20857
WmsRepair Service Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2024-49105
< 10.0.10240.20857
Remote Desktop Client Remote Code Execution Vulnerability
8.4
HIGH
CVE-2024-49104
< 10.0.10240.20857
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-49102
< 10.0.10240.20857
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-49096
< 10.0.10240.20857
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
7.5
HIGH
CVE-2024-49090
< 10.0.10240.20857
Windows Common Log File System Driver Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-49089
< 10.0.10240.20857
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
7.2
HIGH
CVE-2024-49088
< 10.0.10240.20857
Windows Common Log File System Driver Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-49084
< 10.0.10240.20857
Windows Kernel Elevation of Privilege Vulnerability
7.0
HIGH
CVE-2024-49082
< 10.0.10240.20857
Windows File Explorer Information Disclosure Vulnerability
6.8
MEDIUM
CVE-2024-49080
< 10.0.10240.20857
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-49079
< 10.0.10240.20857
Input Method Editor (IME) Remote Code Execution Vulnerability
7.8
HIGH
CVE-2024-49072
< 10.0.10240.20857
Windows Task Scheduler Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-49046
< 10.0.10240.20826
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-49039
< 10.0.10240.20826
Windows Task Scheduler Elevation of Privilege Vulnerability
8.8
HIGH
CVE-2024-43645
< 10.0.10240.20826
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
6.7
MEDIUM
CVE-2024-43644
< 10.0.10240.20826
Windows Client-Side Caching Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43643
< 10.0.10240.20826
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
6.8
MEDIUM
CVE-2024-43641
< 10.0.10240.20826
Windows Registry Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43638
< 10.0.10240.20826
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
6.8
MEDIUM
CVE-2024-43637
< 10.0.10240.20826
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
6.8
MEDIUM
CVE-2024-43636
< 10.0.10240.20826
Win32k Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43635
< 10.0.10240.20826
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-43634
< 10.0.10240.20826
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
6.8
MEDIUM
CVE-2024-43628
< 10.0.10240.20826
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-43627
< 10.0.10240.20826
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-43626
< 10.0.10240.20826
Windows Telephony Service Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43623
< 10.0.10240.20826
Windows NT OS Kernel Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43622
< 10.0.10240.20826
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-43621
< 10.0.10240.20826
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-43620
< 10.0.10240.20826
Windows Telephony Service Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-43451
< 10.0.10240.20826
NTLM Hash Disclosure Spoofing Vulnerability
6.5
MEDIUM
CVE-2024-43449
< 10.0.10240.20826
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
6.8
MEDIUM
CVE-2024-38203
< 10.0.10240.20826
Windows Package Library Manager Information Disclosure Vulnerability
6.2
MEDIUM
CVE-2024-43599
< 10.0.10240.20796
Remote Desktop Client Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-43583
< 10.0.10240.20796
Winlogon Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43573
< 10.0.10240.20796
Windows MSHTML Platform Spoofing Vulnerability
6.5
MEDIUM
CVE-2024-43572
< 10.0.10240.20796
Microsoft Management Console Remote Code Execution Vulnerability
7.8
HIGH
CVE-2024-43570
< 10.0.10240.20796
Windows Kernel Elevation of Privilege Vulnerability
6.4
MEDIUM
CVE-2024-43565
< 10.0.10240.20796
Windows Network Address Translation (NAT) Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43563
< 10.0.10240.20796
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43562
< 10.0.10240.20796
Windows Network Address Translation (NAT) Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43560
< 10.0.10240.20796
Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43556
< 10.0.10240.20796
Windows Graphics Component Elevation of Privilege Vulnerability
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin