Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24990 | 2025-10-15 | 7.8 High | ||
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | ||||
| CVE-2025-59187 | 2025-10-14 | 7.8 High | ||
| Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55696 | 2025-10-14 | 7.8 High | ||
| Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59207 | 2025-10-14 | 7.8 High | ||
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55681 | 2025-10-14 | 7 High | ||
| Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55677 | 2025-10-14 | 7.8 High | ||
| Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-38104 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-14 | 8.8 High |
| Windows Fax Service Remote Code Execution Vulnerability | ||||
| CVE-2024-37969 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-14 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-27048 | 1 Qualcomm | 1 Snapdragon | 2025-10-10 | 7.8 High |
| Memory corruption while processing camera platform driver IOCTL calls. | ||||
| CVE-2025-27060 | 1 Qualcomm | 1 Snapdragon | 2025-10-10 | 8.8 High |
| Memory corruption while performing SCM call with malformed inputs. | ||||
| CVE-2025-47338 | 1 Qualcomm | 1 Snapdragon | 2025-10-10 | 7.8 High |
| Memory corruption while processing escape commands from userspace. | ||||
| CVE-2023-36033 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-09 | 7.8 High |
| Windows DWM Core Library Elevation of Privilege Vulnerability | ||||
| CVE-2023-36045 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-10-08 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2025-53801 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-10-02 | 7.8 High |
| Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54114 | 1 Microsoft | 10 Windows 10 1607, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-10-02 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to deny service locally. | ||||
| CVE-2025-1255 | 1 Rti | 1 Connext Professional | 2025-10-02 | 9.1 Critical |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | ||||
| CVE-2025-4993 | 1 Rti | 1 Connext Professional | 2025-10-01 | 9.1 Critical |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | ||||
| CVE-2025-55230 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-09-30 | 7.8 High |
| Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54905 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-09-25 | 7.1 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2021-47434 | 1 Linux | 1 Linux Kernel | 2025-09-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort are located at [0:3] bits. While aborting a command, we read the CRCR and set the abort bit and write to the CRCR. The read will always give command ring pointer as all zeros. So we essentially write only the control bits. Since we split the 64 bit write into two 32 bit writes, there is a possibility of xHC command ring stopped before the upper dword (all zeros) is written. If that happens, xHC updates the upper dword of its internal command ring pointer with all zeros. Next time, when the command ring is restarted, we see xHC memory access failures. Fix this issue by only writing to the lower dword of CRCR where all control bits are located. | ||||