VYPR

Windows 11 23h2

by Microsoft

Source repositories

CVEs (2,235)

  • CVE-2025-59294Oct 14, 2025
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.

  • CVE-2025-59290Oct 14, 2025
    risk 0.00cvss epss 0.00

    Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59284Oct 14, 2025
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

  • CVE-2025-59282Oct 14, 2025
    risk 0.00cvss epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.

  • CVE-2025-59280Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

  • CVE-2025-59277Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59259Oct 14, 2025
    risk 0.00cvss epss 0.01

    Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

  • CVE-2025-59255Oct 14, 2025
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2025-49708Oct 14, 2025
    risk 0.00cvss epss 0.01

    Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-59242Oct 14, 2025
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59211Oct 14, 2025
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.

  • CVE-2025-59207Oct 14, 2025
    risk 0.00cvss epss 0.00

    Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59204Oct 14, 2025
    risk 0.00cvss epss 0.00

    Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.

  • CVE-2025-59202Oct 14, 2025
    risk 0.00cvss epss 0.00

    Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59201Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59200Oct 14, 2025
    risk 0.00cvss epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

  • CVE-2025-59199Oct 14, 2025
    risk 0.00cvss epss 0.04

    Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59196Oct 14, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59195Oct 14, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.

  • CVE-2025-59185Oct 14, 2025
    risk 0.00cvss epss 0.01

    External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

Page 68 of 112