Medium
CVE-2025-21269
Windows HTML Platforms Security Feature Bypass Vulnerability
Tag: Microsoft Windows
All CVEs associated with "Microsoft Windows". Page 19/121 • 14515 CVEs.
Subscribe CVEs: RSS for “Microsoft Windows” · RSS (High+Critical only)
About “Microsoft Windows”
A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').
In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-01-14
High
CVE-2025-21266
Windows Telephony Service Remote Code Execution Vulnerability
Medium
CVE-2025-21265
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21263
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21261
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21260
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21258
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21257
Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Medium
CVE-2025-21256
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21255
Windows Digital Media Elevation of Privilege Vulnerability
High
CVE-2025-21252
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21250
Windows Telephony Service Remote Code Execution Vulnerability
Medium
CVE-2025-21249
Windows Digital Media Elevation of Privilege Vulnerability
High
CVE-2025-21248
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21246
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21245
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21244
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21243
Windows Telephony Service Remote Code Execution Vulnerability
Medium
CVE-2025-21242
Windows Kerberos Information Disclosure Vulnerability
High
CVE-2025-21241
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21240
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21239
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21238
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21237
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21236
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21235
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
High
CVE-2025-21234
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
High
CVE-2025-21233
Windows Telephony Service Remote Code Execution Vulnerability
Medium
CVE-2025-21232
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21229
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21228
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21227
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21226
Windows Digital Media Elevation of Privilege Vulnerability
Medium
CVE-2025-21225
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
High
CVE-2025-21224
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
High
CVE-2025-21223
Windows Telephony Service Remote Code Execution Vulnerability
High
CVE-2025-21218
Windows Kerberos Denial of Service Vulnerability
Medium
CVE-2025-21217
Windows NTLM Spoofing Vulnerability
Medium
CVE-2025-21214
Windows BitLocker Information Disclosure Vulnerability
Medium
CVE-2025-21210
Windows BitLocker Information Disclosure Vulnerability
High
CVE-2025-21207
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Medium
CVE-2025-21202
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Medium
CVE-2025-0459
A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of…
High
CVE-2025-0069
Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this,…
Medium
CVE-2025-0055
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on t…
2025-01-13
Medium
CVE-2025-22134
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try t…
2025-01-08
Medium
CVE-2024-40679
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific c…
2025-01-06
High
CVE-2024-56765
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the pas…
2025-01-02
High
CVE-2024-9950
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory.
Medium
CVE-2024-56414
Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
Medium
CVE-2024-56413
Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
High
CVE-2024-55543
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
Medium
CVE-2024-55542
Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acr…
Medium
CVE-2024-55541
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
High
CVE-2024-55540
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
Medium
CVE-2024-55538
Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Ac…
Medium
CVE-2024-49385
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before buil…
2024-12-24
High
CVE-2024-12746
A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgra…
2024-12-23
High
CVE-2024-12902
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts…
2024-12-19
Low
CVE-2024-38864
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.
High
CVE-2024-4230
External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malici…
High
CVE-2024-4229
Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious loca…
Medium
CVE-2023-30443
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
High
CVE-2022-27595
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthoriz…
2024-12-18
Medium
CVE-2022-40733
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part…
Medium
CVE-2022-40732
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part…
2024-12-13
High
CVE-2024-52065
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.…
2024-12-12
Medium
CVE-2024-49071
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
High
CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
High
CVE-2024-49132
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49129
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
High
CVE-2024-49128
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
High
CVE-2024-49127
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
High
CVE-2024-49126
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
High
CVE-2024-49125
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
High
CVE-2024-49123
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49121
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
High
CVE-2024-49120
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49119
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49117
Windows Hyper-V Remote Code Execution Vulnerability
High
CVE-2024-49116
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49115
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49114
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
High
CVE-2024-49113
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Critical
CVE-2024-49112
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Medium
CVE-2024-49110
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
High
CVE-2024-49108
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49106
Windows Remote Desktop Services Remote Code Execution Vulnerability
High
CVE-2024-49104
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Medium
CVE-2024-49103
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
High
CVE-2024-49102
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Medium
CVE-2024-49099
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
Medium
CVE-2024-49098
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
High
CVE-2024-49097
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
High
CVE-2024-49095
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
High
CVE-2024-49093
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Medium
CVE-2024-49092
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
High
CVE-2024-49091
Windows Domain Name Service Remote Code Execution Vulnerability
High
CVE-2024-49090
Windows Common Log File System Driver Elevation of Privilege Vulnerability
High
CVE-2024-49089
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
High
CVE-2024-49088
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Medium
CVE-2024-49087
Windows Mobile Broadband Driver Information Disclosure Vulnerability
High
CVE-2024-49086
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
High
CVE-2024-49085
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
High
CVE-2024-49084
Windows Kernel Elevation of Privilege Vulnerability
Medium
CVE-2024-49083
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Medium
CVE-2024-49082
Windows File Explorer Information Disclosure Vulnerability
High
CVE-2024-49080
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
Medium
CVE-2024-49078
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Medium
CVE-2024-49077
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
High
CVE-2024-49076
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
High
CVE-2024-49075
Windows Remote Desktop Services Denial of Service Vulnerability
High
CVE-2024-49074
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Medium
CVE-2024-49073
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
High
CVE-2024-49072
Windows Task Scheduler Elevation of Privilege Vulnerability
2024-12-11
High
CVE-2024-12363
Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset M…
2024-12-10
Low
CVE-2024-47576
SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Cos…
2024-12-09
High
CVE-2024-55580
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability…
High
CVE-2024-55579
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbit…
2024-12-07
Medium
CVE-2024-41762
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted q…