About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

2025-02-11
Low

CVE-2025-21337

Windows NTFS Elevation of Privilege Vulnerability

High

CVE-2025-21208

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

High

CVE-2025-21201

Windows Telephony Server Remote Code Execution Vulnerability

High

CVE-2025-21200

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21190

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21184

Windows Core Messaging Elevation of Privileges Vulnerability

High

CVE-2025-21183

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

High

CVE-2025-21182

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Medium

CVE-2024-40586

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiS…

Medium

CVE-2025-24870

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege esc…

2025-02-10
Medium

CVE-2025-25193

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a…

High

CVE-2025-1193

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communi…

2025-02-06
Medium

CVE-2024-13614

Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Securi…

Medium

CVE-2025-24845

Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted da…

Medium

CVE-2025-24483

NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system w…

High

CVE-2025-23236

Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product…

High

CVE-2025-22894

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of t…

High

CVE-2025-20094

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of t…

High

CVE-2025-22890

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system wher…

2025-02-05
Medium

CVE-2025-24805

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privi…

Medium

CVE-2025-24804

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentat…

Medium

CVE-2025-24803

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentat…

Low

CVE-2025-23415

An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connecti…

2025-02-04
Medium

CVE-2025-1019

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox…

Medium

CVE-2025-1013

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Fi…

2025-02-03
High

CVE-2024-35177

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based env…

2025-02-02
Medium

CVE-2024-0131

NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability…

2025-01-31
Medium

CVE-2025-24831

Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24830

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24829

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24828

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24827

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

2025-01-30
Medium

CVE-2025-0145

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

Medium

CVE-2025-23007

A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.

2025-01-29
High

CVE-2025-24789

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC…

2025-01-28
Medium

CVE-2025-24826

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625.

High

CVE-2025-24479

A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privi…

High

CVE-2025-0065

Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Win…

Medium

CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows…

High

CVE-2024-0150

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead…

Medium

CVE-2024-0147

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering.

2025-01-27
Medium

CVE-2025-0733

A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search…

Medium

CVE-2025-0732

A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipul…

Medium

CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload"…

2025-01-24
Medium

CVE-2024-45077

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of add…

High

CVE-2024-9495

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted i…

2025-01-22
High

CVE-2025-0651

Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. A user with low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudfla…

High

CVE-2024-55957

In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due t…

Medium

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in m…

Medium

CVE-2024-42012

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows ad…

2025-01-21
Medium

CVE-2024-37284

Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing…

2025-01-20
Medium

CVE-2024-13524

A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to un…

2025-01-17
High

CVE-2025-21325

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

2025-01-15
Medium

CVE-2024-54540

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

Critical

CVE-2025-0502

Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure. T…

Low

CVE-2024-5198

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a syst…

Medium

CVE-2025-0440

Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Me…

2025-01-14
High

CVE-2025-23042

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL)…

High

CVE-2024-50338

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists…

High

CVE-2025-21417

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21413

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21411

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21409

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21389

Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.

High

CVE-2025-21382

Windows Graphics Component Elevation of Privilege Vulnerability

High

CVE-2025-21378

Windows CSC Service Elevation of Privilege Vulnerability

Medium

CVE-2025-21374

Windows CSC Service Information Disclosure Vulnerability

High

CVE-2025-21370

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

High

CVE-2025-21343

Windows Web Threat Defense User Service Information Disclosure Vulnerability

Medium

CVE-2025-21341

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21340

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

High

CVE-2025-21339

Windows Telephony Service Remote Code Execution Vulnerability

Medium

CVE-2025-21336

Windows Cryptographic Information Disclosure Vulnerability

High

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

High

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

High

CVE-2025-21333

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

High

CVE-2025-21331

Windows Installer Elevation of Privilege Vulnerability

High

CVE-2025-21330

Windows Remote Desktop Services Denial of Service Vulnerability

Medium

CVE-2025-21327

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21324

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21323

Windows Kernel Memory Information Disclosure Vulnerability

Medium

CVE-2025-21321

Windows Kernel Memory Information Disclosure Vulnerability

Medium

CVE-2025-21320

Windows Kernel Memory Information Disclosure Vulnerability

Medium

CVE-2025-21319

Windows Kernel Memory Information Disclosure Vulnerability

Medium

CVE-2025-21318

Windows Kernel Memory Information Disclosure Vulnerability

Medium

CVE-2025-21317

Windows Kernel Memory Information Disclosure Vulnerability

Medium

CVE-2025-21316

Windows Kernel Memory Information Disclosure Vulnerability

Medium

CVE-2025-21314

Windows SmartScreen Spoofing Vulnerability

Medium

CVE-2025-21313

Windows Security Account Manager (SAM) Denial of Service Vulnerability

Low

CVE-2025-21312

Windows Smart Card Reader Information Disclosure Vulnerability

Critical

CVE-2025-21311

Windows NTLM V1 Elevation of Privilege Vulnerability

Medium

CVE-2025-21310

Windows Digital Media Elevation of Privilege Vulnerability

High

CVE-2025-21309

Windows Remote Desktop Services Remote Code Execution Vulnerability

Medium

CVE-2025-21308

Windows Themes Spoofing Vulnerability

Critical

CVE-2025-21307

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

High

CVE-2025-21306

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21305

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21303

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21302

Windows Telephony Service Remote Code Execution Vulnerability

Medium

CVE-2025-21301

Windows Geolocation Service Information Disclosure Vulnerability

High

CVE-2025-21300

Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability

High

CVE-2025-21299

Windows Kerberos Security Feature Bypass Vulnerability

Critical

CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

High

CVE-2025-21297

Windows Remote Desktop Services Remote Code Execution Vulnerability

High

CVE-2025-21292

Windows Search Service Elevation of Privilege Vulnerability

High

CVE-2025-21291

Windows Direct Show Remote Code Execution Vulnerability

Medium

CVE-2025-21288

Windows COM Server Information Disclosure Vulnerability

High

CVE-2025-21287

Windows Installer Elevation of Privilege Vulnerability

High

CVE-2025-21286

Windows Telephony Service Remote Code Execution Vulnerability

Medium

CVE-2025-21284

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

High

CVE-2025-21282

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21281

Microsoft COM for Windows Elevation of Privilege Vulnerability

Medium

CVE-2025-21280

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

Medium

CVE-2025-21278

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

High

CVE-2025-21276

Windows MapUrlToZone Denial of Service Vulnerability

High

CVE-2025-21275

Windows App Package Installer Elevation of Privilege Vulnerability

Medium

CVE-2025-21274

Windows Event Tracing Denial of Service Vulnerability

High

CVE-2025-21273

Windows Telephony Service Remote Code Execution Vulnerability

Medium

CVE-2025-21272

Windows COM Server Information Disclosure Vulnerability

High

CVE-2025-21271

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability