CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-9491 – Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-9491
26 Aug 2025 — Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file v... • https://www.zerodayinitiative.com/advisories/ZDI-25-148 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-55231 – Windows Storage-based Management Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-55231
21 Aug 2025 — Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55231 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2025-55229 – Windows Certificate Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-55229
21 Aug 2025 — Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-55230 – Windows MBT Transport Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-55230
21 Aug 2025 — Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55230 • CWE-822: Untrusted Pointer Dereference •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53795 – Microsoft PC Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-53795
21 Aug 2025 — Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795 • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53763 – Azure Databricks Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-53763
21 Aug 2025 — Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53763 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49736 – Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-49736
12 Aug 2025 — The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49736 • CWE-449: The UI Performs the Wrong Action •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49712 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49712
12 Aug 2025 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49712 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49707 – Azure Virtual Machines Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-49707
12 Aug 2025 — Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49755 – Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-49755
12 Aug 2025 — User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49755 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •