Page 4 of 670 results (0.005 seconds)

CVSS: 7.8EPSS: %CPEs: 26EXPL: 0

10 Jun 2025 — Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32713 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: %CPEs: 26EXPL: 0

10 Jun 2025 — Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32712 • CWE-416: Use After Free •

CVSS: 7.8EPSS: %CPEs: 26EXPL: 0

10 Jun 2025 — Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. The service uses a resource from an unsecured location. An attacker can leverage this vulnerabil... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: %CPEs: 26EXPL: 0

10 Jun 2025 — Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a symbolic link, an attacker can abuse the se... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

13 May 2025 — Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24063 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.6EPSS: 30%CPEs: 26EXPL: 3

13 May 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. • https://packetstorm.news/files/id/200680 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0

13 May 2025 — Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30388 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

13 May 2025 — Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30385 • CWE-416: Use After Free •

CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0

13 May 2025 — Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29974 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

13 May 2025 — Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29963 • CWE-122: Heap-based Buffer Overflow •