Detections
Analytics

Newest CVEs

IDDescriptionSeverity
CVE-2025-26679Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
high
CVE-2025-26678Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
high
CVE-2025-26676Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
medium
CVE-2025-26675Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
high
CVE-2025-26674Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
high
CVE-2025-26673Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
high
CVE-2025-26672Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
medium
CVE-2025-26671Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
high
CVE-2025-26670Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
high
CVE-2025-26669Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
high
CVE-2025-26668Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
high
CVE-2025-26667Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
medium
CVE-2025-26666Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
high
CVE-2025-26665Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
high
CVE-2025-26664Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
medium
CVE-2025-26663Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
high
CVE-2025-26652Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
high
CVE-2025-26651Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
medium
CVE-2025-26649Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
high
CVE-2025-26648Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
high
CVE-2025-26647Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
high
CVE-2025-26644Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
medium
CVE-2025-26642Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
high
CVE-2025-26641Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
high
CVE-2025-26640Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
high
CVE-2025-26639Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
high
CVE-2025-26637Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
medium
CVE-2025-26635Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
medium
CVE-2025-26628Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.
high
CVE-2025-25002Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.
medium
CVE-2025-24074Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
high
CVE-2025-24073Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
high
CVE-2025-24062Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
high
CVE-2025-24060Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
high
CVE-2025-24058Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
high
CVE-2025-21222Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
high
CVE-2025-21221Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
high
CVE-2025-21205Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
high
CVE-2025-21204Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
high
CVE-2025-21203Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
medium
CVE-2025-21197Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
medium
CVE-2025-21191Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
high
CVE-2025-21174Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
high
CVE-2025-32279Missing Authorization vulnerability in Shahjada Live Forms. This issue affects Live Forms: from n/a through 4.8.5.
medium
CVE-2025-32211Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.2.
medium
CVE-2025-32164Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList. This issue affects m1.DownloadList: from n/a through 0.21.
medium
CVE-2025-32117Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.
high
CVE-2025-30671Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
medium
CVE-2025-30670Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
medium
CVE-2025-27443Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.
low