Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8074 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-1257 | 5 Apple, Cisco, Linux and 2 more | 5 Macos, Catalyst Center, Linux Kernel and 2 more | 2025-07-23 | 8.8 High |
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | ||||
CVE-2025-49733 | 1 Microsoft | 13 Windows, Windows 10, Windows 10 1809 and 10 more | 2025-07-23 | 7.8 High |
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49730 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49722 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 5.7 Medium |
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. | ||||
CVE-2025-49675 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49667 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-48818 | 1 Microsoft | 17 Bitlocker, Windows, Windows 10 and 14 more | 2025-07-23 | 6.8 Medium |
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
CVE-2025-48003 | 1 Microsoft | 14 Bitlocker, Windows, Windows 10 and 11 more | 2025-07-23 | 6.8 Medium |
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
CVE-2025-48001 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 1507 and 14 more | 2025-07-23 | 6.8 Medium |
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
CVE-2025-47996 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-47981 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 9.8 Critical |
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-47975 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7 High |
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-47973 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||||
CVE-2025-49721 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally. | ||||
CVE-2025-47993 | 1 Microsoft | 7 Pc Manager, Windows, Windows 11 and 4 more | 2025-07-23 | 7.8 High |
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49686 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-47987 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-47976 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-07-23 | 7.8 High |
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2023-37244 | 2 Microsoft, N-able | 2 Windows, Automation Manager | 2025-07-23 | 5.3 Medium |
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0 | ||||
CVE-2025-20206 | 2 Cisco, Microsoft | 2 Secure Client, Windows | 2025-07-22 | 7.1 High |
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system. |