VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2025-59242HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59241HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59238HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  • CVE-2025-59234HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.01

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-59233HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-59231HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-59227HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-59226HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

  • CVE-2025-59225HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-59224HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-59223HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-59222HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2025-59207HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59201HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59199HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.04

    Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59192HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59191HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59187HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2025-58728HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-58724HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.01

    Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2025-58722HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.

  • CVE-2025-58720HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

  • CVE-2025-58714HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55701HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55697HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55696HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55694HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.03

    Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55692HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.03

    Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55680HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55677HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55339HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55328HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

  • CVE-2025-53768HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Xbox allows an authorized attacker to elevate privileges locally.

  • CVE-2025-53150HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

  • CVE-2025-50175HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

  • CVE-2025-50152HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2025-24052HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.02

    Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax…

  • CVE-2025-55317HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55316HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55245HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.

  • CVE-2025-55228HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

  • CVE-2025-55224HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

  • CVE-2025-54916HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

  • CVE-2025-54913HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.

  • CVE-2025-54912HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.

  • CVE-2025-54908HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.01

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  • CVE-2025-54907HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

  • CVE-2025-54906HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.01

    Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2025-54904HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.01

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2025-54903HigSep 9, 2025
    risk 0.51cvss 7.8epss 0.01

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Page 60 of 287