Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8998 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55224 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2025-11-20 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54917 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-20 | 4.3 Medium |
| Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-54912 | 1 Microsoft | 28 Bitlocker, Windows, Windows 10 and 25 more | 2025-11-20 | 7.8 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54911 | 1 Microsoft | 28 Bitlocker, Windows, Windows 10 and 25 more | 2025-11-20 | 7.3 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54115 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2025-11-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54107 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-20 | 4.3 Medium |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-54103 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 21h2 and 15 more | 2025-11-20 | 7.4 High |
| Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-54098 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2025-11-20 | 7.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54092 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2025-11-20 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54091 | 1 Microsoft | 26 Hyper-v, Windows, Windows 10 and 23 more | 2025-11-20 | 7.8 High |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53809 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2025-11-20 | 6.5 Medium |
| Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-53805 | 1 Microsoft | 14 Internet Information Services, Windows, Windows 11 and 11 more | 2025-11-20 | 7.5 High |
| Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-55228 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 21h2 and 15 more | 2025-11-20 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54918 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-20 | 8.8 High |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-54895 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2025-11-20 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54099 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-20 | 7 High |
| Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54097 | 1 Microsoft | 13 Windows, Windows Server, Windows Server 2008 and 10 more | 2025-11-20 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49734 | 1 Microsoft | 23 Powershell, Windows, Windows 10 and 20 more | 2025-11-20 | 7 High |
| Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-47039 | 3 Microsoft, Perl, Redhat | 3 Windows, Perl, Enterprise Linux | 2025-11-20 | 7.8 High |
| A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | ||||
| CVE-2025-13051 | 2 Asustor, Microsoft | 3 Abp, Aes, Windows | 2025-11-20 | N/A |
| When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290. | ||||