CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-29812 – DirectX Graphics Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29812
08 Apr 2025 — Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the dxkrnl.sys driver. The issue results from the lack of proper validation of a user-supplied value prior to derefer... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29812 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 1CVE-2025-29810 – Active Directory Domain Services Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29810
08 Apr 2025 — Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. • https://github.com/aleongx/CVE-2025-29810-check • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29808 – Windows Cryptographic Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29808
08 Apr 2025 — Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808 • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2025-29809 – Windows Kerberos Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-29809
08 Apr 2025 — Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29809 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-27739 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-27739
08 Apr 2025 — Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27739 • CWE-822: Untrusted Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2025-27738 – Windows Resilient File System (ReFS) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-27738
08 Apr 2025 — Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27738 • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 26EXPL: 0CVE-2025-27737 – Windows Security Zone Mapping Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-27737
08 Apr 2025 — Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27737 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2025-27736 – Windows Power Dependency Coordinator Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-27736
08 Apr 2025 — Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27736 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-27735 – Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-27735
08 Apr 2025 — Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27735 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.0EPSS: 0%CPEs: 26EXPL: 0CVE-2025-27732 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-27732
08 Apr 2025 — Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27732 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •