CVSS: 5.6EPSS: 0%CPEs: 26EXPL: 0CVE-2025-29956 – Windows SMB Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29956
13 May 2025 — Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29956 • CWE-126: Buffer Over-read •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-29955 – Windows Hyper-V Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-29955
13 May 2025 — Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29955 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 0%CPEs: 17EXPL: 0CVE-2025-29842 – UrlMon Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-29842
13 May 2025 — Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29842 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2025-29841 – Universal Print Management Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29841
13 May 2025 — Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29841 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 26EXPL: 0CVE-2025-29839 – Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29839
13 May 2025 — Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29839 • CWE-125: Out-of-bounds Read •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-29838 – Windows ExecutionContext Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29838
13 May 2025 — Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29838 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2025-29837 – Windows Installer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29837
13 May 2025 — Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a symbolic link, an attacker can abuse the ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29837 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-29836 – Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29836
13 May 2025 — Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29836 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-29835 – Windows Remote Access Connection Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29835
13 May 2025 — Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29835 • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 21EXPL: 0CVE-2025-29833 – Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29833
13 May 2025 — Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an authorized attacker to execute code over a network. Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29833 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •