Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59195 | 0.00 | — | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. | |||
| CVE-2025-59185 | 0.00 | — | 0.01 | Oct 14, 2025 | External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-58735 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-58732 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-58728 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-58722 | 0.00 | — | 0.02 | Oct 14, 2025 | Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-58719 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-58717 | 0.00 | — | 0.01 | Oct 14, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-58716 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-58715 | 0.00 | — | 0.00 | Oct 14, 2025 | Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-55701 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-55700 | 0.00 | — | 0.01 | Oct 14, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-55689 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-55687 | 0.00 | — | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally. | |||
| CVE-2025-55686 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-55685 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-55681 | 0.00 | — | 0.05 | Oct 14, 2025 | Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-55340 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-55338 | 0.00 | — | 0.03 | Oct 14, 2025 | Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||
| CVE-2025-55336 | 0.00 | — | 0.01 | Oct 14, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally. |
- CVE-2025-59195Oct 14, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
- CVE-2025-59185Oct 14, 2025risk 0.00cvss —epss 0.01
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-58735Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- CVE-2025-58732Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- CVE-2025-58728Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-58722Oct 14, 2025risk 0.00cvss —epss 0.02
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
- CVE-2025-58719Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
- CVE-2025-58717Oct 14, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-58716Oct 14, 2025risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
- CVE-2025-58715Oct 14, 2025risk 0.00cvss —epss 0.00
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
- CVE-2025-55701Oct 14, 2025risk 0.00cvss —epss 0.00
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.
- CVE-2025-55700Oct 14, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-55689Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- CVE-2025-55687Oct 14, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-55686Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- CVE-2025-55685Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- CVE-2025-55681Oct 14, 2025risk 0.00cvss —epss 0.05
Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.
- CVE-2025-55340Oct 14, 2025risk 0.00cvss —epss 0.00
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.
- CVE-2025-55338Oct 14, 2025risk 0.00cvss —epss 0.03
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- CVE-2025-55336Oct 14, 2025risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
Page 129 of 171