Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9104 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26155 | 2 Microsoft, Ncp-e | 5 Windows, Ncp Secure Entry Client, Secure Client and 2 more | 2025-12-30 | 9.8 Critical |
| NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. | ||||
| CVE-2023-53944 | 2 Easyphp, Microsoft | 2 Webserver, Windows | 2025-12-26 | 6.5 Medium |
| EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini. | ||||
| CVE-2025-8304 | 2 Checkpoint, Microsoft | 2 Identity Agent, Windows | 2025-12-23 | 6.5 Medium |
| An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server. | ||||
| CVE-2025-59220 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2025-12-23 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59216 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2025-12-23 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55224 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2025-12-23 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54917 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-12-23 | 4.3 Medium |
| Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-54912 | 1 Microsoft | 28 Bitlocker, Windows, Windows 10 and 25 more | 2025-12-23 | 7.8 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54911 | 1 Microsoft | 28 Bitlocker, Windows, Windows 10 and 25 more | 2025-12-23 | 7.3 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54115 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2025-12-23 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54107 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-12-23 | 4.3 Medium |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-54103 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 21h2 and 15 more | 2025-12-23 | 7.4 High |
| Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-54098 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2025-12-23 | 7.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54092 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2025-12-23 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54091 | 1 Microsoft | 26 Hyper-v, Windows, Windows 10 and 23 more | 2025-12-23 | 7.8 High |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53809 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2025-12-23 | 6.5 Medium |
| Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-53805 | 1 Microsoft | 14 Internet Information Services, Windows, Windows 11 and 11 more | 2025-12-23 | 7.5 High |
| Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-53804 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-12-23 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53803 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-12-23 | 5.5 Medium |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59215 | 1 Microsoft | 7 Graphics Component, Windows, Windows 11 and 4 more | 2025-12-23 | 7 High |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||