VYPR

Windows Server 2025

by Microsoft

CVEs (1,296)

  • CVE-2026-26172HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26170HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26168HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26163HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26162HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26161HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26160HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26159HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26156HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-26153HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20930HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26128HigMar 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

  • CVE-2026-25187HigMar 10, 2026
    risk 0.51cvss 7.8epss 0.03

    Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20864HigJan 13, 2026
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20817HigJan 13, 2026
    risk 0.51cvss 7.8epss 0.05

    Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

  • CVE-2025-30388HigMay 13, 2025
    risk 0.51cvss 7.8epss 0.03

    Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

  • CVE-2025-21338HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.00

    GDI+ Remote Code Execution Vulnerability

  • CVE-2013-3900MedKEVDec 11, 2013
    risk 0.51cvss 5.5epss 0.45

    Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows…

  • CVE-2026-48563HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47654HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Page 8 of 65