Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50175 | 1 Microsoft | 16 Windows, Windows 10, Windows 10 1809 and 13 more | 2025-10-27 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55334 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 22h2 and 3 more | 2025-10-27 | 6.2 Medium |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-55248 | 4 Apple, Linux, Microsoft and 1 more | 22 Macos, Linux Kernel, .net and 19 more | 2025-10-27 | 4.8 Medium |
| Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-50152 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-10-27 | 7.8 High |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11955 | 2 Microsoft, Thegreenbow | 6 Windows, Ipsec Vpn Client, Thegreenbow Vpn Client and 3 more | 2025-10-27 | N/A |
| Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid. | ||||
| CVE-2025-12055 | 2 Microsoft, Mpdv Mikrolab | 4 Windows, Fedra 2, Hydra X and 1 more | 2025-10-27 | 7.5 High |
| HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily. | ||||
| CVE-2025-59275 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-27 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59277 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-27 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59278 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-27 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59282 | 1 Microsoft | 21 Iis, Windows, Windows 10 and 18 more | 2025-10-27 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24990 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-10-27 | 7.8 High |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | ||||
| CVE-2025-59230 | 1 Microsoft | 21 Remote, Windows, Windows 10 and 18 more | 2025-10-27 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55338 | 1 Microsoft | 19 Bitlocker, Windows, Windows 10 and 16 more | 2025-10-27 | 6.1 Medium |
| Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-55683 | 1 Microsoft | 7 Windows, Windows Server, Windows Server 2016 and 4 more | 2025-10-27 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55684 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2025-10-27 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55687 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-27 | 7.4 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-55330 | 1 Microsoft | 11 Bitlocker, Windows, Windows 11 and 8 more | 2025-10-27 | 6.1 Medium |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2022-47986 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-10-27 | 9.8 Critical |
| IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. | ||||
| CVE-2025-61865 | 2 Iodata, Microsoft | 2 Narsus App, Windows | 2025-10-27 | N/A |
| NarSuS App registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-11575 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2025-10-27 | 7.8 High |
| Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0. | ||||