CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21247 – MapUrlToZone Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-21247
11 Mar 2025 — Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21247 • CWE-41: Improper Resolution of Path Equivalence •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-24996 – NTLM Hash Disclosure Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-24996
11 Mar 2025 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996 • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-24995 – Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24995
11 Mar 2025 — Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24995 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21180 – Windows exFAT File System Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21180
11 Mar 2025 — Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21180 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24988 – Windows USB Video Class System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24988
11 Mar 2025 — Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24987 – Windows USB Video Class System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24987
11 Mar 2025 — Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24987 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2025-24044 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24044
11 Mar 2025 — Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24044 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24035 – Windows Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24035
11 Mar 2025 — Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24035 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2025-26634 – Windows Core Messaging Elevation of Privileges Vulnerability
https://notcve.org/view.php?id=CVE-2025-26634
11 Mar 2025 — Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26634 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21373 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21373
11 Feb 2025 — Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate p... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •