Total
1181 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58726 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-07 | N/A | 7.5 HIGH |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-58739 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-06 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-58728 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-11-06 | N/A | 7.8 HIGH |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58727 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-11-06 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-9491 | 1 Microsoft | 1 Windows 11 23h2 | 2025-11-05 | N/A | 7.8 HIGH |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | |||||
| CVE-2025-59185 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-11-05 | N/A | 6.5 MEDIUM |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-59187 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-05 | N/A | 7.8 HIGH |
| Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47827 | 2 Igel, Microsoft | 16 Igel Os, Windows 10 1507, Windows 10 1607 and 13 more | 2025-11-05 | N/A | 4.6 MEDIUM |
| In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | |||||
| CVE-2024-20696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-11-03 | N/A | 7.3 HIGH |
| Windows libarchive Remote Code Execution Vulnerability | |||||
| CVE-2025-21333 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-11-03 | N/A | 7.8 HIGH |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | |||||
| CVE-2025-59193 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-31 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55699 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-31 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-55700 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-31 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-55701 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-31 | N/A | 7.8 HIGH |
| Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58714 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-31 | N/A | 7.8 HIGH |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58715 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-31 | N/A | 8.8 HIGH |
| Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58716 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-31 | N/A | 8.8 HIGH |
| Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58717 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-31 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-58718 | 1 Microsoft | 18 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 15 more | 2025-10-31 | N/A | 8.8 HIGH |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-55689 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 6 more | 2025-10-30 | N/A | 7.0 HIGH |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||||