Filtered by vendor Microsoft Subscriptions
Filtered by product Windows Subscriptions
Total 8074 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-1257 5 Apple, Cisco, Linux and 2 more 5 Macos, Catalyst Center, Linux Kernel and 2 more 2025-07-23 8.8 High
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.
CVE-2025-49733 1 Microsoft 13 Windows, Windows 10, Windows 10 1809 and 10 more 2025-07-23 7.8 High
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2025-49730 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVE-2025-49722 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 5.7 Medium
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
CVE-2025-49675 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49667 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2025-48818 1 Microsoft 17 Bitlocker, Windows, Windows 10 and 14 more 2025-07-23 6.8 Medium
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48003 1 Microsoft 14 Bitlocker, Windows, Windows 10 and 11 more 2025-07-23 6.8 Medium
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-48001 1 Microsoft 17 Windows, Windows 10, Windows 10 1507 and 14 more 2025-07-23 6.8 Medium
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-47996 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVE-2025-47981 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 9.8 Critical
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
CVE-2025-47975 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7 High
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47973 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-49721 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47993 1 Microsoft 7 Pc Manager, Windows, Windows 11 and 4 more 2025-07-23 7.8 High
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-49686 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2025-47987 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
CVE-2025-47976 1 Microsoft 18 Windows, Windows 10, Windows 10 1507 and 15 more 2025-07-23 7.8 High
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2023-37244 2 Microsoft, N-able 2 Windows, Automation Manager 2025-07-23 5.3 Medium
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
CVE-2025-20206 2 Cisco, Microsoft 2 Secure Client, Windows 2025-07-22 7.1 High
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.