Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48813 | 0.00 | — | 0.00 | Oct 14, 2025 | Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally. | |||
| CVE-2025-59502 | 0.00 | — | 0.01 | Oct 14, 2025 | Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-59295 | 0.00 | — | 0.02 | Oct 14, 2025 | Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-59294 | 0.00 | — | 0.01 | Oct 14, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. | |||
| CVE-2025-59290 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59282 | 0.00 | — | 0.01 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-59280 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. | |||
| CVE-2025-59277 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59259 | 0.00 | — | 0.01 | Oct 14, 2025 | Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | |||
| CVE-2025-59255 | 0.00 | — | 0.00 | Oct 14, 2025 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49708 | 0.00 | — | 0.01 | Oct 14, 2025 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-59242 | 0.00 | — | 0.00 | Oct 14, 2025 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59211 | 0.00 | — | 0.01 | Oct 14, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | |||
| CVE-2025-59207 | 0.00 | — | 0.00 | Oct 14, 2025 | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59204 | 0.00 | — | 0.00 | Oct 14, 2025 | Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally. | |||
| CVE-2025-59202 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59201 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59200 | 0.00 | — | 0.01 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2025-59199 | 0.00 | — | 0.04 | Oct 14, 2025 | Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59196 | 0.00 | — | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
- CVE-2025-48813Oct 14, 2025risk 0.00cvss —epss 0.00
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
- CVE-2025-59502Oct 14, 2025risk 0.00cvss —epss 0.01
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
- CVE-2025-59295Oct 14, 2025risk 0.00cvss —epss 0.02
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
- CVE-2025-59294Oct 14, 2025risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.
- CVE-2025-59290Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-59282Oct 14, 2025risk 0.00cvss —epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- CVE-2025-59280Oct 14, 2025risk 0.00cvss —epss 0.00
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
- CVE-2025-59277Oct 14, 2025risk 0.00cvss —epss 0.00
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
- CVE-2025-59259Oct 14, 2025risk 0.00cvss —epss 0.01
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
- CVE-2025-59255Oct 14, 2025risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2025-49708Oct 14, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
- CVE-2025-59242Oct 14, 2025risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2025-59211Oct 14, 2025risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
- CVE-2025-59207Oct 14, 2025risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-59204Oct 14, 2025risk 0.00cvss —epss 0.00
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
- CVE-2025-59202Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.
- CVE-2025-59201Oct 14, 2025risk 0.00cvss —epss 0.00
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
- CVE-2025-59200Oct 14, 2025risk 0.00cvss —epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
- CVE-2025-59199Oct 14, 2025risk 0.00cvss —epss 0.04
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
- CVE-2025-59196Oct 14, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Page 128 of 171