High
CVE-2025-49667
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Tag: Microsoft Windows
All CVEs associated with "Microsoft Windows". Page 14/121 • 14515 CVEs.
Subscribe CVEs: RSS for “Microsoft Windows” · RSS (High+Critical only)
About “Microsoft Windows”
A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').
In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-07-08
High
CVE-2025-49666
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
Medium
CVE-2025-49664
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
High
CVE-2025-49663
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
High
CVE-2025-49661
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVE-2025-49660
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
High
CVE-2025-49659
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-49658
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
High
CVE-2025-49657
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
High
CVE-2025-48824
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Medium
CVE-2025-48823
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
High
CVE-2025-48822
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
High
CVE-2025-48821
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
High
CVE-2025-48820
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
High
CVE-2025-48819
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Medium
CVE-2025-48818
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
High
CVE-2025-48815
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
High
CVE-2025-48814
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
Medium
CVE-2025-48811
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-48810
Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally.
Medium
CVE-2025-48809
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
Medium
CVE-2025-48808
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
Medium
CVE-2025-48804
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Medium
CVE-2025-48803
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-48802
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
Medium
CVE-2025-48800
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
High
CVE-2025-48799
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-48003
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Medium
CVE-2025-48002
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
Medium
CVE-2025-48001
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
High
CVE-2025-48000
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-47999
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
High
CVE-2025-47998
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
High
CVE-2025-47996
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
High
CVE-2025-47987
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
High
CVE-2025-47985
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
High
CVE-2025-47984
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
High
CVE-2025-47982
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Critical
CVE-2025-47981
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
Medium
CVE-2025-47980
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Medium
CVE-2025-47978
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
High
CVE-2025-47976
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
High
CVE-2025-47975
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
High
CVE-2025-47159
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-26636
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
Medium
CVE-2025-42979
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This…
2025-07-05
Medium
CVE-2023-50786
Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to…
2025-07-03
Medium
CVE-2025-43713
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows netw…
High
CVE-2025-27461
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
High
CVE-2025-27460
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating sy…
2025-07-02
High
CVE-2025-36630
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
2025-07-01
High
CVE-2024-46992
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-…
2025-06-26
Critical
CVE-2024-52928
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
2025-06-25
High
CVE-2025-49797
Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details o…
High
CVE-2025-41255
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user…
2025-06-24
Medium
CVE-2025-6557
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code…
High
CVE-2025-36537
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigg…
2025-06-23
Critical
CVE-2025-6513
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
2025-06-18
Medium
CVE-2025-6240
Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2…
Medium
CVE-2022-49976
In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS The x86-android-tablets handling for the…
Medium
CVE-2022-49963
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER)…
2025-06-17
High
CVE-2025-4879
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
High
CVE-2025-0320
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
2025-06-16
High
CVE-2025-49124
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects A…
High
CVE-2025-36632
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
2025-06-13
High
CVE-2025-36633
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to loca…
High
CVE-2025-36631
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
High
CVE-2025-5491
Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconf…
2025-06-12
High
CVE-2025-4613
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad t…
2025-06-11
Medium
CVE-2025-0913
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follo…
Medium
CVE-2025-26383
The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
High
CVE-2025-49148
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTB…
Medium
CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. Thi…
Critical
CVE-2024-1244
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agen…
High
CVE-2024-1243
Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC…
2025-06-10
Medium
CVE-2025-47969
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
High
CVE-2025-47962
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-47956
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
High
CVE-2025-47955
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-47160
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
High
CVE-2025-33075
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
High
CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
High
CVE-2025-33071
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
High
CVE-2025-33070
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
High
CVE-2025-33068
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
High
CVE-2025-33067
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
High
CVE-2025-33066
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Medium
CVE-2025-33065
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
High
CVE-2025-33064
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Medium
CVE-2025-33063
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-33062
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-33061
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-33060
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-33059
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-33058
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-33057
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
Medium
CVE-2025-33055
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-33052
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
High
CVE-2025-33050
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
High
CVE-2025-32725
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
High
CVE-2025-32724
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
Medium
CVE-2025-32722
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
High
CVE-2025-32721
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-32720
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-32719
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
High
CVE-2025-32718
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
High
CVE-2025-32716
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
High
CVE-2025-32714
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
High
CVE-2025-32713
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
High
CVE-2025-32712
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
High
CVE-2025-32710
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
High
CVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
Medium
CVE-2025-24069
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-24068
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Medium
CVE-2025-24065
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
2025-06-04
Medium
CVE-2025-20259
Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These…
Medium
CVE-2025-48962
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.
High
CVE-2025-48961
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.
Medium
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938.
Medium
CVE-2025-48959
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.