Page 8 of 772 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

08 Jul 2025 — Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of proper validation of user-supplied data, which can resu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49732 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0

08 Jul 2025 — Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of executables in the user's Startup folder. When automatically launchin... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49740 • CWE-693: Protection Mechanism Failure •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

08 Jul 2025 — Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of proper validation of user-supplied data, which can result... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49742 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 9.0EPSS: 0%CPEs: 26EXPL: 4

10 Jun 2025 — Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. • https://packetstorm.news/files/id/200901 • CWE-284: Improper Access Control •

CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0

10 Jun 2025 — Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070 • CWE-908: Use of Uninitialized Resource •

CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0

10 Jun 2025 — Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33057 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

10 Jun 2025 — Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33056 • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0

10 Jun 2025 — Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33055 • CWE-125: Out-of-bounds Read •

CVSS: 10.0EPSS: 16%CPEs: 26EXPL: 4

10 Jun 2025 — External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files. • https://packetstorm.news/files/id/200915 • CWE-73: External Control of File Name or Path •

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

10 Jun 2025 — Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33052 • CWE-908: Use of Uninitialized Resource •