Microsoft CVEs - Gilliam Security

CVE-2025-21199 Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability
Published on: 2025-04-25 07:00:00
Link: View Details
Updated acknowledgment. This is an informational change only.

CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability
Published on: 2025-04-25 07:00:00
Link: View Details
Added an acknowledgement. This is an informational change only.

CVE-2025-25000 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2025-04-18 07:00:00
Link: View Details
Corrected Build Number in the Security Updates table. This is an informational change only.

CVE-2025-27747 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-04-17 07:00:00
Link: View Details
Updated acknowledgment. This is an informational change only.

CVE-2025-27729 Windows Shell Remote Code Execution Vulnerability
Published on: 2025-04-17 07:00:00
Link: View Details
Updated acknowledgment. This is an informational change only.

Chromium: CVE-2025-3620 Use after free in USB
Published on: 2025-04-17 21:43:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

Chromium: CVE-2025-3619 Heap buffer overflow in Codecs
Published on: 2025-04-17 21:42:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.

CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
To comprehensively address CVE-2024-21302, Microsoft has released April 2025 security updates for all supported editions of Windows. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

CVE-2025-27745 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-27746 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-27748 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-27747 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-27749 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-27751 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-27752 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-27750 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-29791 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-29820 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-29822 Microsoft OneNote Security Feature Bypass Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-29817 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.

CVE-2025-26642 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-29816 Microsoft Word Security Feature Bypass Vulnerability
Published on: 2025-04-15 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

CVE-2025-21174 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-04-11 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2025-26663 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26665 Windows upnphost.dll Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26669 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26686 Windows TCP/IP Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26687 Win32k Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26688 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27471 Microsoft Streaming Service Denial of Service Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27473 HTTP.sys Denial of Service Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27472 Windows Mark of the Web Security Feature Bypass Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27477 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27478 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27741 NTFS Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27742 NTFS Information Disclosure Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-29824 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-24073 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-21197 Windows NTFS Information Disclosure Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-21191 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-21205 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-21221 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-21222 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26637 BitLocker Security Feature Bypass Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26641 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26648 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26670 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26672 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26673 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26679 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27469 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27484 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27481 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27483 NTFS Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27487 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27489 Azure Local Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27491 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27727 Windows Installer Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27733 NTFS Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27735 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27737 Windows Security Zone Mapping Security Feature Bypass Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-27738 Windows Resilient File System (ReFS) Information Disclosure Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-29810 Active Directory Domain Services Elevation of Privilege Vulnerability
Published on: 2025-04-09 07:00:00
Link: View Details
The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.

CVE-2025-26663 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.

CVE-2025-26664 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26665 Windows upnphost.dll Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

CVE-2025-26666 Windows Media Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

CVE-2025-26669 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26667 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-26681 Win32k Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-26680 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-26686 Windows TCP/IP Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2025-26687 Win32k Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-26688 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.

CVE-2025-27471 Microsoft Streaming Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.

CVE-2025-27470 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-27473 HTTP.sys Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

CVE-2025-27472 Windows Mark of the Web Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-27474 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-27476 Windows Digital Media Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVE-2025-27475 Windows Update Stack Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.

CVE-2025-27477 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2025-27478 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

CVE-2025-27479 Kerberos Key Distribution Proxy Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.

CVE-2025-27740 Active Directory Certificate Services Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.

CVE-2025-27741 NTFS Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

CVE-2025-27744 Microsoft Office Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2025-27742 NTFS Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVE-2025-27745 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-27746 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-27748 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-27747 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-27749 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-27743 Microsoft System Center Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

CVE-2025-27751 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-27752 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-27750 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-29791 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-29793 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-29792 Microsoft Office Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2025-29794 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-29821 Microsoft Dynamics Business Central Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

CVE-2025-29820 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-29822 Microsoft OneNote Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-29823 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-29824 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-24074 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2025-24073 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2025-21174 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-21197 Windows NTFS Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.

CVE-2025-21191 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

CVE-2025-21205 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2025-21203 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

CVE-2025-21221 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2025-21222 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2025-24058 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2025-25002 Azure Local Cluster Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.

CVE-2025-26628 Azure Local Cluster Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.

CVE-2025-26639 Windows USB Print Driver Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-26635 Windows Hello Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

CVE-2025-26637 BitLocker Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-26642 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-26640 Windows Digital Media Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVE-2025-26641 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.

CVE-2025-26644 Windows Hello Spoofing Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.

CVE-2025-26648 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-26649 Windows Secure Channel Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

CVE-2025-26647 Windows Kerberos Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-26651 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVE-2025-26652 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-26670 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.

CVE-2025-26671 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

CVE-2025-26674 Windows Media Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

CVE-2025-26672 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26673 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

CVE-2025-26675 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2025-26676 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26678 Windows Defender Application Control Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-26679 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.

CVE-2025-27467 Windows Digital Media Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVE-2025-27469 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

CVE-2025-27485 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-27484 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.

CVE-2025-27480 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

CVE-2025-27481 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2025-27482 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

CVE-2025-27483 NTFS Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

CVE-2025-27487 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

CVE-2025-27489 Azure Local Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.

CVE-2025-27486 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-27492 Windows Secure Channel Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

CVE-2025-27491 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.

CVE-2025-27490 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2025-27727 Windows Installer Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2025-27729 Windows Shell Remote Code Execution Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Shell allows an unauthorized attacker to execute code locally.

CVE-2025-27728 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2025-27731 Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.

CVE-2025-27730 Windows Digital Media Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVE-2025-27732 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-27733 NTFS Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

CVE-2025-27735 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

CVE-2025-27736 Windows Power Dependency Coordinator Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

CVE-2025-27737 Windows Security Zone Mapping Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-27738 Windows Resilient File System (ReFS) Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

CVE-2025-27739 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-29803 Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-29800 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

CVE-2025-29802 Visual Studio Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-29801 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

CVE-2025-29804 Visual Studio Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.

CVE-2025-29808 Windows Cryptographic Services Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

CVE-2025-29805 Outlook for Android Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.

CVE-2025-29810 Active Directory Domain Services Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

CVE-2025-29812 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

CVE-2025-29816 Microsoft Word Security Feature Bypass Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-29819 Windows Admin Center in Azure Portal Information Disclosure Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.

CVE-2025-29811 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.

CVE-2025-20570 Visual Studio Code Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.

CVE-2025-24060 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2025-24062 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2025-26682 ASP.NET Core and Visual Studio Denial of Service Vulnerability
Published on: 2025-04-08 07:00:00
Link: View Details
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

ADV990001 Latest Servicing Stack Updates
Published on: 2025-04-08 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2025-25000 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2025-04-03 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-25001 Microsoft Edge for iOS Spoofing Vulnerability
Published on: 2025-04-03 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Chromium: CVE-2025-3074 Inappropriate implementation in Downloads
Published on: 2025-04-03 17:47:35
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs
Published on: 2025-04-03 17:47:31
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-3071 Inappropriate implementation in Navigations
Published on: 2025-04-03 17:47:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions
Published on: 2025-04-03 17:47:26
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-3069 Inappropriate implementation in Extensions
Published on: 2025-04-03 17:47:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-3068 Inappropriate implementation in Intents
Published on: 2025-04-03 17:47:22
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs
Published on: 2025-04-03 17:47:20
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

CVE-2025-29815 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2025-04-03 07:00:00
Link: View Details
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

Chromium: CVE-2025-3073 Inappropriate implementation in Autofill
Published on: 2025-04-03 17:47:33
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-3066 Use after free in Navigations
Published on: 2025-04-03 17:47:15
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

CVE-2025-29796 Microsoft Edge for iOS Spoofing Vulnerability
Published on: 2025-04-03 07:00:00
Link: View Details
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-24071 Microsoft Windows File Explorer Spoofing Vulnerability
Published on: 2025-04-03 07:00:00
Link: View Details
Added an FAQ and updated the CVSS score. This is an informational change only.

CVE-2025-29806 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2025-04-02 07:00:00
Link: View Details
Updated CWE value. This is an informational change only.

CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
Published on: 2025-04-02 07:00:00
Link: View Details
Updated CWE value. This is an informational change only.

CVE-2025-26683 Azure Playwright Elevation of Privilege Vulnerability
Published on: 2025-03-31 07:00:00
Link: View Details
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows
Published on: 2025-03-26 21:55:19
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.