Vendor CVEs
Microsoft
All CVEs
14,324 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59508 | Hig | 0.46 | 7.0 | 0.00 | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59507 | Hig | 0.46 | 7.0 | 0.00 | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59506 | Hig | 0.46 | 7.0 | 0.00 | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59497 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. | ||
| CVE-2025-59289 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59285 | Hig | 0.46 | 7.0 | 0.01 | Oct 14, 2025 | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59282 | Hig | 0.46 | 7.0 | 0.01 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-59261 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59235 | Hig | 0.46 | 7.1 | 0.01 | Oct 14, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-59232 | Hig | 0.46 | 7.1 | 0.00 | Oct 14, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-59221 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-59208 | Hig | 0.46 | 7.1 | 0.00 | Oct 14, 2025 | Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-59205 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59202 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59196 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59195 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. | ||
| CVE-2025-59194 | Hig | 0.46 | 7.0 | 0.03 | Oct 14, 2025 | Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59193 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-58738 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58737 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58736 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58735 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58734 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58733 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58732 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58731 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58730 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-58727 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-58725 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55691 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55690 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55689 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55688 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55686 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55685 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55684 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55681 | Hig | 0.46 | 7.0 | 0.05 | Oct 14, 2025 | Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55678 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55340 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2025-55331 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53717 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50174 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47989 | Hig | 0.46 | 7.0 | 0.01 | Oct 14, 2025 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59220 | Hig | 0.46 | 7.0 | 0.00 | Sep 18, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59216 | Hig | 0.46 | 7.0 | 0.00 | Sep 18, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59215 | Hig | 0.46 | 7.0 | 0.00 | Sep 18, 2025 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55223 | Hig | 0.46 | 7.0 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54905 | Hig | 0.46 | 7.1 | 0.01 | Sep 9, 2025 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-54115 | Hig | 0.46 | 7.0 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54114 | Hig | 0.46 | 7.0 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. |
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
- risk 0.46cvss 7.0epss 0.00
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.01
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
- risk 0.46cvss 7.0epss 0.03
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.05
Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.01
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.01
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Page 132 of 287