15316 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

08 Apr 2025 — Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24062 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

08 Apr 2025 — Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24060 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

08 Apr 2025 — Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29811 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

08 Apr 2025 — External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819 • CWE-73: External Control of File Name or Path •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

08 Apr 2025 — Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the dxkrnl.sys driver. The issue results from the lack of proper validation of a user-supplied value prior to derefer... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29812 • CWE-822: Untrusted Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

08 Apr 2025 — Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29810 • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

08 Apr 2025 — Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808 • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •

CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0

08 Apr 2025 — Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29809 • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

08 Apr 2025 — Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27739 • CWE-822: Untrusted Pointer Dereference •

CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0

08 Apr 2025 — Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27738 • CWE-284: Improper Access Control •