CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-49732 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49732
08 Jul 2025 — Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of proper validation of user-supplied data, which can resu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49732 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-49740 – Windows SmartScreen Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-49740
08 Jul 2025 — Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of executables in the user's Startup folder. When automatically launchin... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49740 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-49742 – Windows Graphics Component Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49742
08 Jul 2025 — Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of proper validation of user-supplied data, which can result... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49742 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 26EXPL: 4CVE-2025-33073 – Windows SMB Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-33073
10 Jun 2025 — Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. • https://packetstorm.news/files/id/200901 • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2025-33070 – Windows Netlogon Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-33070
10 Jun 2025 — Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-33057 – Windows Local Security Authority (LSA) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-33057
10 Jun 2025 — Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33057 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-33056 – Windows Local Security Authority (LSA) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-33056
10 Jun 2025 — Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33056 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2025-33055 – Windows Storage Management Provider Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-33055
10 Jun 2025 — Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33055 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 16%CPEs: 26EXPL: 4CVE-2025-33053 – Microsoft Windows External Control of File Name or Path Vulnerability
https://notcve.org/view.php?id=CVE-2025-33053
10 Jun 2025 — External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files. • https://packetstorm.news/files/id/200915 • CWE-73: External Control of File Name or Path •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2025-33052 – Windows DWM Core Library Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-33052
10 Jun 2025 — Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33052 • CWE-908: Use of Uninitialized Resource •