Total: 148 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55677 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2025-10-24 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55681 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-24 | N/A | 7.0 HIGH |
| Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24990 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-21 | N/A | 7.8 HIGH |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | |||||
| CVE-2024-35250 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-21 | N/A | 7.8 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-21338 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36033 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-21 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-10-21 | N/A | 8.4 HIGH |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-27060 | 1 Qualcomm | 50 Immersive Home 214 Platform, Immersive Home 214 Platform Firmware, Immersive Home 216 Platform and 47 more | 2025-10-21 | N/A | 8.8 HIGH |
| Memory corruption while performing SCM call with malformed inputs. | |||||
| CVE-2025-59207 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-17 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55696 | | | 2025-10-14 | N/A | 7.8 HIGH |
| Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59187 | | | 2025-10-14 | N/A | 7.8 HIGH |
| Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47338 | | | 2025-10-09 | N/A | 7.8 HIGH |
| Memory corruption while processing escape commands from userspace. | |||||
| CVE-2025-27048 | | | 2025-10-09 | N/A | 7.8 HIGH |
| Memory corruption while processing camera platform driver IOCTL calls. | |||||
| CVE-2025-53801 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-10-02 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54114 | 1 Microsoft | 10 Windows 10 1607, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-10-02 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to deny service locally. | |||||
| CVE-2025-1255 | 1 Rti | 1 Connext Professional | 2025-10-02 | N/A | 9.1 CRITICAL |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9. | |||||
| CVE-2025-4993 | 1 Rti | 1 Connext Professional | 2025-10-01 | N/A | 9.1 CRITICAL |
| Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | |||||
| CVE-2025-55230 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-30 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58749 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-09-20 | N/A | 5.3 MEDIUM |
| WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand (memory address pointer) is greater than or equal to 2147483648 bytes (2GiB). This causes the runtime to hang in release builds or crash in debug builds due to accessing an invalid pointer. The issue does not occur in FAST-JIT mode or other runtime tools. This has been fixed in version 2.4.2. | |||||
| CVE-2025-54905 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-09-12 | N/A | 7.1 HIGH |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||||
