CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2025-59289 – Windows Bluetooth Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-59289
14 Oct 2025 — Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59289 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-59278 – Windows Authentication Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-59278
14 Oct 2025 — Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59278 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-59275 – Windows Authentication Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-59275
14 Oct 2025 — Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59275 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2025-59253 – Windows Search Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-59253
14 Oct 2025 — Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59253 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 9%CPEs: 22EXPL: 0CVE-2025-59230 – Microsoft Windows Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-59230
14 Oct 2025 — Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2025-59244 – NTLM Hash Disclosure Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-59244
14 Oct 2025 — External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59244 • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59214 – Microsoft Windows File Explorer Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-59214
14 Oct 2025 — Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2025-59209 – Windows Push Notification Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59209
14 Oct 2025 — Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59209 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59208 – Windows MapUrlToZone Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-59208
14 Oct 2025 — Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59208 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 22EXPL: 0CVE-2025-59205 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-59205
14 Oct 2025 — Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59205 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •