Full List

Search

Recent Vulnerabilities

• CVE-2025-26647 • published on April 8, 2025 Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
• CVE-2025-26649 • published on April 8, 2025 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
• CVE-2025-26648 • published on April 8, 2025 Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
• CVE-2025-26644 • published on April 8, 2025 Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
• CVE-2025-26641 • published on April 8, 2025 Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
• CVE-2025-26640 • published on April 8, 2025 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
• CVE-2025-26642 • published on April 8, 2025 Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
• CVE-2025-26637 • published on April 8, 2025 Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
• CVE-2025-26635 • published on April 8, 2025 Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
• CVE-2025-26639 • published on April 8, 2025 Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
• CVE-2025-26628 • published on April 8, 2025 Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.
• CVE-2025-25002 • published on April 8, 2025 Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.
• CVE-2025-24058 • published on April 8, 2025 Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
• CVE-2025-21222 • published on April 8, 2025 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
• CVE-2025-21221 • published on April 8, 2025 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
• CVE-2025-21204 • published on April 8, 2025 Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
• CVE-2025-21203 • published on April 8, 2025 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
• CVE-2025-21205 • published on April 8, 2025 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
• CVE-2025-21191 • published on April 8, 2025 Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
• CVE-2025-21197 • published on April 8, 2025 Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.