Filtered by vendor Microsoft
Subscriptions
Total
23185 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37735 | 2 Elastic, Microsoft | 2 Defend, Windows | 2026-02-26 | 7 High |
| Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation. | ||||
| CVE-2025-55328 | 1 Microsoft | 28 Hyper-v, Server, Windows and 25 more | 2026-02-26 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55331 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 21h2 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55678 | 1 Microsoft | 30 Directx, Windows, Windows 10 and 27 more | 2026-02-26 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11205 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-55680 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-02-26 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11206 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 7.1 High |
| Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-55684 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-26 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-12036 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-55688 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-26 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11756 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-55690 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-26 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11458 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.1 High |
| Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-55691 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-26 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11460 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High) | ||||
| CVE-2025-55692 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-26 | 7.8 High |
| Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55693 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-26 | 7.4 High |
| Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-55694 | 1 Microsoft | 10 Windows, Windows 11, Windows 11 24h2 and 7 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55695 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-02-26 | 5.5 Medium |
| Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55697 | 1 Microsoft | 7 Azure, Azure Local, Windows Server and 4 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally. | ||||