Vendor CVEs
Microsoft
All CVEs
14,324 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55226 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. | ||
| CVE-2025-54915 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54109 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54104 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54094 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53810 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53808 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53736 | Med | 0.44 | 6.8 | 0.00 | Aug 12, 2025 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-49751 | Med | 0.44 | 6.8 | 0.00 | Aug 12, 2025 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||
| CVE-2025-49743 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48807 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | ||
| CVE-2025-48818 | Med | 0.44 | 6.8 | 0.00 | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-48811 | Med | 0.44 | 6.7 | 0.00 | Jul 8, 2025 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48804 | Med | 0.44 | 6.8 | 0.01 | Jul 8, 2025 | Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-48803 | Med | 0.44 | 6.7 | 0.00 | Jul 8, 2025 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48800 | Med | 0.44 | 6.8 | 0.01 | Jul 8, 2025 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-48003 | Med | 0.44 | 6.8 | 0.01 | Jul 8, 2025 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-48001 | Med | 0.44 | 6.8 | 0.00 | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-47999 | Med | 0.44 | 6.8 | 0.00 | Jul 8, 2025 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||
| CVE-2025-27488 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-26684 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-32726 | Med | 0.44 | 6.8 | 0.00 | Apr 12, 2025 | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-26681 | Med | 0.44 | 6.7 | 0.01 | Apr 8, 2025 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-26637 | Med | 0.44 | 6.8 | 0.01 | Apr 8, 2025 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-25002 | Med | 0.44 | 6.8 | 0.01 | Apr 8, 2025 | Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. | ||
| CVE-2025-21199 | Med | 0.44 | 6.7 | 0.00 | Mar 11, 2025 | Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-21377 | Med | 0.44 | 6.5 | 0.23 | Feb 11, 2025 | NTLM Hash Disclosure Spoofing Vulnerability | ||
| CVE-2025-21349 | Med | 0.44 | 6.8 | 0.01 | Feb 11, 2025 | Windows Remote Desktop Configuration Service Tampering Vulnerability | ||
| CVE-2025-21357 | Med | 0.44 | 6.7 | 0.01 | Jan 14, 2025 | Microsoft Outlook Remote Code Execution Vulnerability | ||
| CVE-2025-21211 | Med | 0.44 | 6.8 | 0.01 | Jan 14, 2025 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-49110 | Med | 0.44 | 6.8 | 0.01 | Dec 12, 2024 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-49092 | Med | 0.44 | 6.8 | 0.01 | Dec 12, 2024 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-49083 | Med | 0.44 | 6.8 | 0.01 | Dec 12, 2024 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-49082 | Med | 0.44 | 6.8 | 0.02 | Dec 12, 2024 | Windows File Explorer Information Disclosure Vulnerability | ||
| CVE-2024-49078 | Med | 0.44 | 6.8 | 0.01 | Dec 12, 2024 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-49077 | Med | 0.44 | 6.8 | 0.01 | Dec 12, 2024 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-49073 | Med | 0.44 | 6.8 | 0.01 | Dec 12, 2024 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-49044 | Med | 0.44 | 6.7 | 0.01 | Nov 12, 2024 | Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2024-43646 | Med | 0.44 | 6.7 | 0.01 | Nov 12, 2024 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||
| CVE-2024-43645 | Med | 0.44 | 6.7 | 0.01 | Nov 12, 2024 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | ||
| CVE-2024-43643 | Med | 0.44 | 6.8 | 0.01 | Nov 12, 2024 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-43638 | Med | 0.44 | 6.8 | 0.01 | Nov 12, 2024 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-43637 | Med | 0.44 | 6.8 | 0.01 | Nov 12, 2024 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-43634 | Med | 0.44 | 6.8 | 0.01 | Nov 12, 2024 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-43631 | Med | 0.44 | 6.7 | 0.01 | Nov 12, 2024 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||
| CVE-2024-43449 | Med | 0.44 | 6.8 | 0.01 | Nov 12, 2024 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-43543 | Med | 0.44 | 6.8 | 0.01 | Oct 8, 2024 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | ||
| CVE-2024-43536 | Med | 0.44 | 6.8 | 0.01 | Oct 8, 2024 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | ||
| CVE-2024-43526 | Med | 0.44 | 6.8 | 0.01 | Oct 8, 2024 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | ||
| CVE-2024-43525 | Med | 0.44 | 6.8 | 0.01 | Oct 8, 2024 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
- risk 0.44cvss 6.7epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.00
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.44cvss 6.8epss 0.00
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
- risk 0.44cvss 6.7epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
- risk 0.44cvss 6.8epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.7epss 0.00
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.01
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.7epss 0.00
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.01
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.8epss 0.01
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.8epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.8epss 0.00
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
- risk 0.44cvss 6.7epss 0.00
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.00
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.01
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.01
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.8epss 0.01
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.
- risk 0.44cvss 6.7epss 0.00
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.5epss 0.23
NTLM Hash Disclosure Spoofing Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Remote Desktop Configuration Service Tampering Vulnerability
- risk 0.44cvss 6.7epss 0.01
Microsoft Outlook Remote Code Execution Vulnerability
- risk 0.44cvss 6.8epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.02
Windows File Explorer Information Disclosure Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.7epss 0.01
Visual Studio Elevation of Privilege Vulnerability
- risk 0.44cvss 6.7epss 0.01
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
- risk 0.44cvss 6.7epss 0.01
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.7epss 0.01
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- risk 0.44cvss 6.8epss 0.01
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Page 142 of 287