
CVE-2025-24044 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24044
11 Mar 2025 — Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24044 • CWE-416: Use After Free •

CVE-2025-24035 – Windows Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24035
11 Mar 2025 — Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24035 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •

CVE-2025-26634 – Windows Core Messaging Elevation of Privileges Vulnerability
https://notcve.org/view.php?id=CVE-2025-26634
11 Mar 2025 — Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26634 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-26643 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-26643
07 Mar 2025 — A UI that performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26643 • CWE-449: The UI Performs the Wrong Action •

CVE-2024-57972
https://notcve.org/view.php?id=CVE-2024-57972
06 Mar 2025 — The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many requests through the Device Portal framework. • https://github.com/tania-silva/CVE-2024-57972 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-24989 – Microsoft Power Pages Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-24989
19 Feb 2025 — An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability do... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989 • CWE-284: Improper Access Control •

CVE-2025-21355 – Microsoft Bing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21355
19 Feb 2025 — Missing authentication for a critical function in Microsoft Bing allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21355 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-21401 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-21401
14 Feb 2025 — Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21401 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2025-25199 – BCryptGenerateSymmetricKey memory leak
https://notcve.org/view.php?id=CVE-2025-25199
12 Feb 2025 — go-crypto-winnative is a Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The fix is included in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of Go, as well as in the pseudoversion 0.0.0-20250211154640-f49c8e1379ea of the `github.com/microsoft/go-c... • https://github.com/microsoft/go-crypto-winnative/commit/f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2025-24042 – Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24042
11 Feb 2025 — Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24042 • CWE-284: Improper Access Control •