CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21355 – Microsoft Bing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21355
19 Feb 2025 — Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21355 • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21401 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-21401
14 Feb 2025 — Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21401 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 0CVE-2025-25199 – BCryptGenerateSymmetricKey memory leak
https://notcve.org/view.php?id=CVE-2025-25199
12 Feb 2025 — go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The fix is included in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of go, as well as in the pseudoversion 0.0.0-20250211154640-f49c8e1379ea of the `github.com/microsoft/go-c... • https://github.com/microsoft/go-crypto-winnative/commit/f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24042 – Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24042
11 Feb 2025 — Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24042 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21373 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21373
11 Feb 2025 — Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate p... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-21414 – Windows Core Messaging Elevation of Privileges Vulnerability
https://notcve.org/view.php?id=CVE-2025-21414
11 Feb 2025 — Windows Core Messaging Elevation of Privileges Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21414 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21322 – Microsoft PC Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21322
11 Feb 2025 — Microsoft PC Manager Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21322 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2025-21254 – Internet Connection Sharing (ICS) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-21254
11 Feb 2025 — Internet Connection Sharing (ICS) Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21254 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2025-21216 – Internet Connection Sharing (ICS) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-21216
11 Feb 2025 — Internet Connection Sharing (ICS) Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21216 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2025-21212 – Internet Connection Sharing (ICS) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-21212
11 Feb 2025 — Internet Connection Sharing (ICS) Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21212 • CWE-125: Out-of-bounds Read •