CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-47985 – Windows Event Tracing Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47985
08 Jul 2025 — Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47985 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-47984 – Windows GDI Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-47984
08 Jul 2025 — Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47984 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-47976 – Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47976
08 Jul 2025 — Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47976 • CWE-416: Use After Free •
CVSS: 8.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-47972 – Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47972
08 Jul 2025 — Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47972 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-47971 – Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47971
08 Jul 2025 — Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47971 • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-47159 – Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47159
08 Jul 2025 — Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47159 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-48820 – Windows AppX Deployment Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-48820
08 Jul 2025 — Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deployment Service. By creating a symbolic link, an attacker can ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48820 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-49727 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49727
08 Jul 2025 — Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of proper validation of user-supplied data, which can result in a... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49727 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-49732 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49732
08 Jul 2025 — Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of proper validation of user-supplied data, which can resu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49732 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-49740 – Windows SmartScreen Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-49740
08 Jul 2025 — Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of executables in the user's Startup folder. When automatically launchin... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49740 • CWE-693: Protection Mechanism Failure •