Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49738 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49733 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49732 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49726 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49725 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49721 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-49714 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49711 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49705 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49703 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49702 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49700 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49698 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49694 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49693 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49689 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2025 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-49686 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49679 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49675 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49667 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49665 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49661 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49660 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49659 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48820 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48816 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48815 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48806 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. | ||
| CVE-2025-48805 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. | ||
| CVE-2025-48799 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48000 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47996 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47994 | Hig | 0.51 | 7.8 | 0.03 | Jul 8, 2025 | Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-47993 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47991 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47985 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47982 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47976 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47973 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-47971 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-47159 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49741 | Hig | 0.51 | 7.4 | 0.03 | Jul 1, 2025 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-47968 | Hig | 0.51 | 7.8 | 0.00 | Jun 10, 2025 | Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47962 | Hig | 0.51 | 7.8 | 0.01 | Jun 10, 2025 | Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47955 | Hig | 0.51 | 7.8 | 0.01 | Jun 10, 2025 | Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-47176 | Hig | 0.51 | 7.8 | 0.01 | Jun 10, 2025 | '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | ||
| CVE-2025-47174 | Hig | 0.51 | 7.8 | 0.00 | Jun 10, 2025 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47173 | Hig | 0.51 | 7.8 | 0.01 | Jun 10, 2025 | Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47170 | Hig | 0.51 | 7.8 | 0.01 | Jun 10, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-47169 | Hig | 0.51 | 7.8 | 0.01 | Jun 10, 2025 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
- risk 0.51cvss 7.8epss 0.00
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.03
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.4epss 0.03
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
- risk 0.51cvss 7.8epss 0.00
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Page 62 of 287