CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 13/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-12
High

CVE-2024-54678

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STE…

CVSS: 8.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2025-42943

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific…

CVSS: 4.5 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2025-08-11
High

CVE-2025-25235

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP re…

CVSS: 8.6 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2025-08-08
High

CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild…

CVSS: 8.8 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
2025-08-07
High

CVE-2025-26513

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges.

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Low

CVE-2025-48709

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in t…

CVSS: 3.8 CWE: CWE-214 - Invocation of Process Using Visible Sensitive Information View on NVD
High

CVE-2025-55077

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privile…

CVSS: 7.4 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2025-08-06
Medium

CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_au…

CVSS: 6.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2025-23335

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific inpu…

CVSS: 4.4 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2025-23334

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-23333

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successf…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-23331

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
High

CVE-2025-23327

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerab…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-23326

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnera…

CVSS: 7.5 CWE: CWE-680 - Integer Overflow to Buffer Overflow View on NVD
High

CVE-2025-23325

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vuln…

CVSS: 7.5 CWE: CWE-674 - Uncontrolled Recursion View on NVD
High

CVE-2025-23324

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid req…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-23323

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid requ…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-23322

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit…

CVSS: 7.5 CWE: CWE-415 - Double Free View on NVD
High

CVE-2025-23321

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability…

CVSS: 7.5 CWE: CWE-369 - Divide By Zero View on NVD
High

CVE-2025-23320

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large reque…

CVSS: 7.5 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
High

CVE-2025-23319

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of…

CVSS: 8.1 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
High

CVE-2025-23318

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability m…

CVSS: 8.1 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
Critical

CVE-2025-23310

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerabili…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-7771

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be ex…

CVSS: 8.7 CWE: CWE-782 - Exposed IOCTL with Insufficient Access Control View on NVD
Medium

CVE-2025-7376

Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsub…

CVSS: 5.9 CWE: CWE-64 - Windows Shortcut Following (.LNK) View on NVD
2025-08-05
Critical

CVE-2012-10030

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credential…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2025-51060

An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respecti…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2025-08-04
High

CVE-2025-51726

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake install…

CVSS: 8.4 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2025-08-02
Low

CVE-2025-23288

NVIDIA GPU Display Driver for Windows contains a vulnerability  where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of…

CVSS: 3.3 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
Low

CVE-2025-23287

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disc…

CVSS: 3.3 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
Medium

CVE-2025-23286

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-23281

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A succes…

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-23278

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this…

CVSS: 7.1 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2025-23277

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exp…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-23276

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of…

CVSS: 7.8 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2025-08-01
Critical

CVE-2013-10047

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the…

CVSS: 9.3 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2025-07-31
Medium

CVE-2025-23289

NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A s…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2013-10035

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, i…

CVSS: 8.7 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2025-8151

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-07-29
Medium

CVE-2025-36071

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions…

CVSS: 6.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Medium

CVE-2024-52894

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of se…

CVSS: 4.9 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-51473

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of…

CVSS: 6.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-49828

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of se…

CVSS: 6.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-2179

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the Gl…

CVSS: 6.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-54422

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling m…

CVSS: 5.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2025-07-28
Medium

CVE-2025-7676

DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable.…

CVSS: 5.4 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-54531

In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows

CVSS: 7.7 CWE: CWE-23 - Relative Path Traversal View on NVD
Medium

CVE-2025-54569

In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation.

CVSS: 4.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2025-4056

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-07-27
Medium

CVE-2025-6241

LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYST…

CVSS: 4.4 CWE: N/A View on NVD
2025-07-25
Medium

CVE-2025-52455

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.…

CVSS: 5.3 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2025-52454

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: bef…

CVSS: 8.2 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2025-52453

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before…

CVSS: 8.2 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2025-52452

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolut…

CVSS: 8.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-52449

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filena…

CVSS: 8.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2025-52448

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the prod…

CVSS: 8.1 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2025-52447

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to th…

CVSS: 8.1 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2025-52446

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production databa…

CVSS: 8.0 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2024-13976

A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploi…

CVSS: 8.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-13975

A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client sys…

CVSS: 8.5 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-07-24
Medium

CVE-2025-40680

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windo…

CVSS: 6.9 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD
2025-07-23
High

CVE-2025-8069

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configu…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2010-10012

A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a speci…

CVSS: 8.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-12310

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlyi…

CVSS: 7.0 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2025-8070

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable…

CVSS: 9.2 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2025-07-22
High

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitizati…

CVSS: 7.5 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-07-19
High

CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-g…

CVSS: 7.5 CWE: CWE-506 - Embedded Malicious Code View on NVD
2025-07-18
High

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` AP…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-07-17
High

CVE-2025-7433

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-7472

A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.

CVSS: 7.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-13972

A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product u…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2025-07-16
High

CVE-2025-34126

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending cr…

CVSS: 8.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-07-15
Critical

CVE-2025-34110

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directo…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-34106

A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this v…

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2025-34105

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-7672

The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules) potentaily allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-07-14
High

CVE-2025-27582

The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser us…

CVSS: 7.6 CWE: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere View on NVD
High

CVE-2025-7619

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attacke…

CVSS: 8.8 CWE: CWE-23 - Relative Path Traversal View on NVD
2025-07-11
Medium

CVE-2025-5028

Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.

CVSS: 6.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-07-10
Critical

CVE-2025-34101

An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2025-34095

An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker ca…

CVSS: 9.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2025-49464

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2024-43394

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via  mod_rewrite or apache expressions that pass unvalidated request i…

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2025-46789

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2025-46334

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unf…

CVSS: 8.6 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-07-09
High

CVE-2025-0141

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS a…

CVSS: 8.4 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2025-0140

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the Gl…

CVSS: 6.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-07-08
High

CVE-2025-6759

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Low

CVE-2025-49760

External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.

CVSS: 3.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2025-49753

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49740

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

CVSS: 8.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-49735

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-49733

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-49730

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49729

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49727

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49726

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-49725

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-49724

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-49723

Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49722

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

CVSS: 5.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-49721

Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49716

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-49691

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49688

Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2025-49686

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-49685

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-49682

Use after free in Windows Media allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-49681

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-49680

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2025-49679

Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-197 - Numeric Truncation Error View on NVD
High

CVE-2025-49678

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-49676

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49674

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49673

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49672

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-49671

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-49670

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 6.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49669

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-49668

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD