Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8797 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53804 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-10-02 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53803 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-10-02 | 5.5 Medium |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-54895 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-02 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54115 | 1 Microsoft | 15 Hyper-v, Windows, Windows 10 and 12 more | 2025-10-02 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54092 | 1 Microsoft | 15 Hyper-v, Windows, Windows 10 and 12 more | 2025-10-02 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54091 | 1 Microsoft | 19 Hyper-v, Windows, Windows 10 and 16 more | 2025-10-02 | 7.8 High |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54103 | 1 Microsoft | 12 Windows, Windows 10, Windows 10 21h2 and 9 more | 2025-10-02 | 7.4 High |
| Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-54099 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-02 | 7 High |
| Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54098 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-02 | 7.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54097 | 1 Microsoft | 9 Windows, Windows Server, Windows Server 2008 and 6 more | 2025-10-02 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-54107 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-02 | 4.3 Medium |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-55228 | 1 Microsoft | 12 Windows, Windows 10, Windows 10 21h2 and 9 more | 2025-10-02 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54918 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-02 | 8.8 High |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-54917 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-02 | 4.3 Medium |
| Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-54255 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-10-02 | 4 Medium |
| Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged. | ||||
| CVE-2025-54912 | 1 Microsoft | 20 Bitlocker, Windows, Windows 10 and 17 more | 2025-10-02 | 7.8 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-46465 | 2 Microsoft, Primx | 2 Windows, Cryhod | 2025-10-01 | 7.8 High |
| By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability. | ||||
| CVE-2025-59215 | 1 Microsoft | 6 Graphics Component, Windows, Windows 11 and 3 more | 2025-09-30 | 7 High |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-41246 | 2 Microsoft, Vmware | 2 Windows, Tools | 2025-09-30 | 7.6 High |
| VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX. | ||||
| CVE-2024-43176 | 3 Ibm, Linux, Microsoft | 4 Openpages, Openpages With Watson, Linux Kernel and 1 more | 2025-09-29 | 5.4 Medium |
| IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | ||||