Windows 10 1809
by Microsoft
CVEs (3,332)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59512 | 0.00 | — | 0.03 | Nov 11, 2025 | Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59511 | 0.00 | — | 0.00 | Nov 11, 2025 | External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59510 | 0.00 | — | 0.00 | Nov 11, 2025 | Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. | |||
| CVE-2025-59509 | 0.00 | — | 0.01 | Nov 11, 2025 | Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. | |||
| CVE-2025-59508 | 0.00 | — | 0.00 | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59507 | 0.00 | — | 0.00 | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59506 | 0.00 | — | 0.00 | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59505 | 0.00 | — | 0.00 | Nov 11, 2025 | Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59278 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59275 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59253 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | |||
| CVE-2025-59244 | 0.00 | — | 0.01 | Oct 14, 2025 | External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-59214 | 0.00 | — | 0.02 | Oct 14, 2025 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-59209 | 0.00 | — | 0.00 | Oct 14, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | |||
| CVE-2025-59208 | 0.00 | — | 0.00 | Oct 14, 2025 | Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-59205 | 0.00 | — | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59203 | 0.00 | — | 0.00 | Oct 14, 2025 | Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. | |||
| CVE-2025-59198 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | |||
| CVE-2025-59197 | 0.00 | — | 0.00 | Oct 14, 2025 | Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. | |||
| CVE-2025-59193 | 0.00 | — | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. |
- CVE-2025-59512Nov 11, 2025risk 0.00cvss —epss 0.03
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
- CVE-2025-59511Nov 11, 2025risk 0.00cvss —epss 0.00
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-59510Nov 11, 2025risk 0.00cvss —epss 0.00
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
- CVE-2025-59509Nov 11, 2025risk 0.00cvss —epss 0.01
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
- CVE-2025-59508Nov 11, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
- CVE-2025-59507Nov 11, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
- CVE-2025-59506Nov 11, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
- CVE-2025-59505Nov 11, 2025risk 0.00cvss —epss 0.00
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
- CVE-2025-59278Oct 14, 2025risk 0.00cvss —epss 0.00
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
- CVE-2025-59275Oct 14, 2025risk 0.00cvss —epss 0.00
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
- CVE-2025-59253Oct 14, 2025risk 0.00cvss —epss 0.00
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
- CVE-2025-59244Oct 14, 2025risk 0.00cvss —epss 0.01
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-59214Oct 14, 2025risk 0.00cvss —epss 0.02
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-59209Oct 14, 2025risk 0.00cvss —epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
- CVE-2025-59208Oct 14, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.
- CVE-2025-59205Oct 14, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-59203Oct 14, 2025risk 0.00cvss —epss 0.00
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
- CVE-2025-59198Oct 14, 2025risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
- CVE-2025-59197Oct 14, 2025risk 0.00cvss —epss 0.00
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.
- CVE-2025-59193Oct 14, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Page 124 of 167