CVSS: 6.5EPSS: 13%CPEs: 23EXPL: 3CVE-2025-24054 – Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-24054
11 Mar 2025 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. It took 7 years, but Microsoft finally realized a vulnerability was severe enough to be addressed and it was not until other researchers also reported it, that the original researcher finally got credited after pointing it out. Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network. • https://github.com/xigney/CVE-2025-24054_PoC • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24051 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24051
11 Mar 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24051 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2025-24045 – Windows Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24045
11 Mar 2025 — Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24045 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21247 – MapUrlToZone Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-21247
11 Mar 2025 — Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21247 • CWE-41: Improper Resolution of Path Equivalence •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-24996 – NTLM Hash Disclosure Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-24996
11 Mar 2025 — External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996 • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21180 – Windows exFAT File System Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21180
11 Mar 2025 — Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21180 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24988 – Windows USB Video Class System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24988
11 Mar 2025 — Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24987 – Windows USB Video Class System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24987
11 Mar 2025 — Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24987 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2025-24044 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24044
11 Mar 2025 — Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24044 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 26EXPL: 0CVE-2025-24035 – Windows Remote Desktop Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24035
11 Mar 2025 — Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24035 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •