CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 15/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-06-04
High

CVE-2025-30415

Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
2025-06-03
High

CVE-2025-30167

Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for config…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-46355

Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authen…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2025-06-02
High

CVE-2025-20298

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Univ…

CVSS: 8.0 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2025-05-29
Medium

CVE-2025-3050

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replicati…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-2518

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditio…

CVSS: 5.3 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2024-49350

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash…

CVSS: 6.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-5334

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to privat…

CVSS: 7.5 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD
2025-05-28
Low

CVE-2025-24473

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an un…

CVSS: 3.7 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
2025-05-27
Medium

CVE-2025-5265

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user'…

CVSS: 4.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-05-23
High

CVE-2025-24917

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-24916

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could…

CVSS: 7.0 CWE: CWE-284 - Improper Access Control View on NVD
2025-05-22
High

CVE-2024-13948

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2025-46716

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-46715

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-46714

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overfl…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2025-46713

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic o…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2025-3943

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter I…

CVSS: 4.1 CWE: CWE-598 - Use of HTTP Request With Sensitive Query String View on NVD
Medium

CVE-2025-3942

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. T…

CVSS: 4.3 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
Medium

CVE-2025-3941

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This is…

CVSS: 5.4 CWE: CWE-69 - Improper Handling of Windows ::DATA Alternate Data Stream View on NVD
Medium

CVE-2025-3940

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This…

CVSS: 5.3 CWE: CWE-1173 - Improper Use of Validation Framework View on NVD
Medium

CVE-2025-3939

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects…

CVSS: 5.3 CWE: CWE-204 - Observable Response Discrepancy View on NVD
Medium

CVE-2025-3938

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niaga…

CVSS: 6.8 CWE: CWE-325 - Missing Cryptographic Step View on NVD
High

CVE-2025-3937

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Crypta…

CVSS: 7.7 CWE: CWE-916 - Use of Password Hash With Insufficient Computational Effort View on NVD
Medium

CVE-2025-3936

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Ac…

CVSS: 6.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2025-05-21
Low

CVE-2025-48064

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in th…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-2102

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.

CVSS: 5.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2025-0372

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordl…

CVSS: 5.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2025-05-19
Medium

CVE-2025-3223

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue…

CVSS: 5.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-05-16
High

CVE-2025-4211

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2025-47809

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with…

CVSS: 8.2 CWE: CWE-272 - Least Privilege Violation View on NVD
2025-05-15
Medium

CVE-2025-43853

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR…

CVSS: 5.5 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
Low

CVE-2025-27525

Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12…

CVSS: 3.9 CWE: CWE-525 - Use of Web Browser Cache Containing Sensitive Information View on NVD
Medium

CVE-2025-27524

Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-0…

CVSS: 5.3 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
High

CVE-2025-27523

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-1…

CVSS: 8.7 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2025-05-14
Critical

CVE-2025-4641

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization…

CVSS: 9.3 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Low

CVE-2025-0135

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalPr…

CVSS: 3.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2025-0131

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated no…

CVSS: 7.1 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-46785

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2025-30667

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-30666

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-30665

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-05-13
High

CVE-2025-20618

Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.

CVSS: 7.9 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-20108

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege v…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2025-20062

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS: 6.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-20046

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS: 8.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-20039

Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS: 6.6 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-20032

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.

CVSS: 7.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-20026

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-20006

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS: 7.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-45333

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-43101

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-36292

Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via…

CVSS: 7.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2025-4660

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does n…

CVSS: 9.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2025-32709

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-32707

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-32706

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-32701

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-30400

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-30388

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-30385

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-29974

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

CVSS: 5.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-29969

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

CVSS: 7.5 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2025-29966

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-29964

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-29963

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-29962

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-29961

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-29960

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-29959

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-29958

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-29957

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

CVSS: 6.2 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-29956

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

CVSS: 5.4 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2025-29955

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-29954

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

CVSS: 5.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-29840

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-29839

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

CVSS: 4.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-29838

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

CVSS: 7.4 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-29837

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2025-29836

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-29835

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-29833

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.

CVSS: 7.7 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2025-29832

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-29830

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-29829

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-27488

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.

CVSS: 6.7 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2025-27468

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2025-24063

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-35471

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a sp…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2025-43005

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integri…

CVSS: 4.3 CWE: CWE-256 - Plaintext Storage of a Password View on NVD
2025-05-11
High

CVE-2025-4540

A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation lea…

CVSS: 7.0 CWE: CWE-426 - Untrusted Search Path View on NVD
2025-05-10
High

CVE-2025-4525

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation lead…

CVSS: 7.0 CWE: CWE-426 - Untrusted Search Path View on NVD
2025-05-09
High

CVE-2024-9524

Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-13962

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privil…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-13961

Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-13960

Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary co…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-13959

Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the conte…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-13944

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-13759

Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64  allows local attackers to gain system-level privileges via arbitrary file deletion

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2025-05-07
High

CVE-2025-26169

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is…

CVSS: 8.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2025-05-06
Low

CVE-2025-46735

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns…

CVSS: 1.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-05-05
Medium

CVE-2025-1493

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared reso…

CVSS: 5.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2025-1000

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-0915

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-46335

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-1992

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of ser…

CVSS: 5.3 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
2025-05-01
Medium

CVE-2024-52903

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS: 5.3 CWE: CWE-248 - Uncaught Exception View on NVD
Medium

CVE-2025-4178

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/…

CVSS: 5.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-23246

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this v…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-23245

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerab…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2025-37750

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary se…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-04-30
High

CVE-2025-46619

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of p…

CVSS: 7.6 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-3599

Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources…

CVSS: 6.5 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2025-04-29
Medium

CVE-2025-4084

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's…

CVSS: 5.7 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
2025-04-28
High

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker De…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2025-42598

Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2025-31144

Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to a…

CVSS: 5.8 CWE: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints View on NVD
High

CVE-2025-26692

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauth…

CVSS: 8.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-04-25
High

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors…

CVSS: 8.8 CWE: N/A View on NVD
2025-04-24
Critical

CVE-2025-43858

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the inject…

CVSS: 9.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD