Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8764 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9164 | 2 Docker, Microsoft | 2 Desktop, Windows | 2025-10-28 | N/A |
| Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0. | ||||
| CVE-2025-47979 | 1 Microsoft | 5 Windows, Windows Server, Windows Server 2022 and 2 more | 2025-10-27 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59257 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2025-10-27 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59258 | 1 Microsoft | 9 Active Directory Federation Services, Windows, Windows Server and 6 more | 2025-10-27 | 6.2 Medium |
| Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59280 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-27 | 3.1 Low |
| Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2025-59254 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-10-27 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55337 | 1 Microsoft | 7 Bitlocker, Windows, Windows 11 and 4 more | 2025-10-27 | 6.1 Medium |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-53139 | 1 Microsoft | 11 Windows, Windows 10, Windows 10 21h2 and 8 more | 2025-10-27 | 7.7 High |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-59502 | 1 Microsoft | 15 Remote, Windows, Windows 10 and 12 more | 2025-10-27 | 7.5 High |
| Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-55332 | 1 Microsoft | 17 Bitlocker, Server, Windows and 14 more | 2025-10-27 | 6.1 Medium |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-53717 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 22h2 and 3 more | 2025-10-27 | 7 High |
| Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53150 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-10-27 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53768 | 1 Microsoft | 13 Windows, Windows 10, Windows 10 1507 and 10 more | 2025-10-27 | 7.8 High |
| Use after free in Xbox allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55679 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-10-27 | 5.1 Medium |
| Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-55326 | 1 Microsoft | 14 Windows, Windows 10, Windows 10 1809 and 11 more | 2025-10-27 | 7.5 High |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-55331 | 1 Microsoft | 13 Windows, Windows 10, Windows 10 21h2 and 10 more | 2025-10-27 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59284 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 22h2 and 5 more | 2025-10-27 | 3.3 Low |
| Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2025-55328 | 1 Microsoft | 21 Hyper-v, Server, Windows and 18 more | 2025-10-27 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50175 | 1 Microsoft | 16 Windows, Windows 10, Windows 10 1809 and 13 more | 2025-10-27 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55334 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 22h2 and 3 more | 2025-10-27 | 6.2 Medium |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. | ||||