Total
149 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54331 | 2025-11-04 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function. | |||||
| CVE-2024-36461 | 1 Zabbix | 1 Zabbix | 2025-11-03 | N/A | 9.1 CRITICAL |
| Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | |||||
| CVE-2023-42772 | 2025-11-03 | N/A | 8.2 HIGH | ||
| Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-55696 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-30 | N/A | 7.8 HIGH |
| Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-21338 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-35250 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36033 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-10-28 | N/A | 8.4 HIGH |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-24990 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-27 | N/A | 7.8 HIGH |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | |||||
| CVE-2025-55677 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2025-10-24 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55681 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-24 | N/A | 7.0 HIGH |
| Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27060 | 1 Qualcomm | 50 Immersive Home 214 Platform, Immersive Home 214 Platform Firmware, Immersive Home 216 Platform and 47 more | 2025-10-21 | N/A | 8.8 HIGH |
| Memory corruption while performing SCM call with malformed inputs. | |||||
| CVE-2025-59207 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-17 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59187 | 2025-10-14 | N/A | 7.8 HIGH | ||
| Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47338 | 2025-10-09 | N/A | 7.8 HIGH | ||
| Memory corruption while processing escape commands from userspace. | |||||
| CVE-2025-27048 | 2025-10-09 | N/A | 7.8 HIGH | ||
| Memory corruption while processing camera platform driver IOCTL calls. | |||||
| CVE-2025-53801 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-10-02 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54114 | 1 Microsoft | 10 Windows 10 1607, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-10-02 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to deny service locally. | |||||
| CVE-2025-1255 | 1 Rti | 1 Connext Professional | 2025-10-02 | N/A | 9.1 CRITICAL |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | |||||
| CVE-2025-4993 | 1 Rti | 1 Connext Professional | 2025-10-01 | N/A | 9.1 CRITICAL |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | |||||