| CVE-2025-62199 |
Microsoft Workplace |
Use after free in Microsoft Workplace permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-60716 |
DirectX Graphics Kernel |
Use after free in Home windows DirectX permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60724 |
GDI+ |
Heap-based buffer overflow in Microsoft Graphics Part permits an unauthorized attacker to execute code over a community. |
Distant Code Execution |
| CVE-2025-62214 |
Visible Studio |
Improper neutralization of particular components utilized in a command (‘command injection’) in Visible Studio permits a certified attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-30398 |
Nuance PowerScribe 360 |
Lacking authorization in Nuance PowerScribe permits an unauthorized attacker to reveal info over a community. |
Info Disclosure |
| CVE-2025-59504 |
Azure Monitor Agent |
Heap-based buffer overflow in Azure Monitor Agent permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-59505 |
Home windows Sensible Card Reader |
Double free in Home windows Sensible Card permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59506 |
DirectX Graphics Kernel |
Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows DirectX permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59507 |
Home windows Speech Runtime |
Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Speech permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59508 |
Home windows Speech Recognition |
Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Speech permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59509 |
Home windows Speech Recognition |
Insertion of delicate info into despatched knowledge in Home windows Speech permits a certified attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-59510 |
Home windows Routing and Distant Entry Service (RRAS) |
Improper hyperlink decision earlier than file entry (‘hyperlink following’) in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to disclaim service domestically. |
Denial of Service |
| CVE-2025-59511 |
Home windows WLAN Service |
Exterior management of file title or path in Home windows WLAN Service permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59512 |
Buyer Expertise Enchancment Program (CEIP) |
Improper entry management in Buyer Expertise Enchancment Program (CEIP) permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59513 |
Home windows Bluetooth RFCOM Protocol Driver |
Out-of-bounds learn in Home windows Bluetooth RFCOM Protocol Driver permits a certified attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-60703 |
Home windows Distant Desktop Companies |
Untrusted pointer dereference in Home windows Distant Desktop permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60704 |
Home windows Kerberos |
Lacking cryptographic step in Home windows Kerberos permits an unauthorized attacker to raise privileges over a community. |
Elevation of Privilege |
| CVE-2025-60705 |
Home windows Consumer-Aspect Caching |
Improper entry management in Home windows Consumer-Aspect Caching (CSC) Service permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60706 |
Home windows Hyper-V |
Out-of-bounds learn in Home windows Hyper-V permits a certified attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-60707 |
Multimedia Class Scheduler Service (MMCSS) Driver |
Use after free in Multimedia Class Scheduler Service (MMCSS) permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60708 |
Storvsp.sys Driver |
Untrusted pointer dereference in Storvsp.sys Driver permits a certified attacker to disclaim service domestically. |
Denial of Service |
| CVE-2025-60709 |
Home windows Widespread Log File System Driver |
Out-of-bounds learn in Home windows Widespread Log File System Driver permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60710 |
Host Course of for Home windows Duties |
Improper hyperlink decision earlier than file entry (‘hyperlink following’) in Host Course of for Home windows Duties permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60726 |
Microsoft Excel |
Out-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-60727 |
Microsoft Excel |
Out-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-60728 |
Microsoft Excel |
Untrusted pointer dereference in Microsoft Workplace Excel permits an unauthorized attacker to reveal info over a community. |
Info Disclosure |
| CVE-2025-62206 |
Microsoft Dynamics 365 (On-Premises) |
Publicity of delicate info to an unauthorized actor in Microsoft Dynamics 365 (on-premises) permits an unauthorized attacker to reveal info over a community. |
Info Disclosure |
| CVE-2025-62210 |
Dynamics 365 Discipline Service (on-line) |
Improper neutralization of enter throughout net web page technology (‘cross-site scripting’) in Dynamics 365 Discipline Service (on-line) permits a certified attacker to carry out spoofing over a community. |
Spoofing |
| CVE-2025-62216 |
Microsoft Workplace |
Use after free in Microsoft Workplace permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-60719 |
Home windows Ancillary Perform Driver for WinSock |
Untrusted pointer dereference in Home windows Ancillary Perform Driver for WinSock permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60722 |
Microsoft OneDrive for Android |
Improper limitation of a pathname to a restricted listing (‘path traversal’) in OneDrive for Android permits a certified attacker to raise privileges over a community. |
Elevation of Privilege |
| CVE-2025-62217 |
Home windows Ancillary Perform Driver for WinSock |
Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Ancillary Perform Driver for WinSock permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-62218 |
Microsoft Wi-fi Provisioning System |
Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Microsoft Wi-fi Provisioning System permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-62219 |
Microsoft Wi-fi Provisioning System |
Double free in Microsoft Wi-fi Provisioning System permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-62220 |
Home windows Subsystem for Linux GUI |
Heap-based buffer overflow in Home windows Subsystem for Linux GUI permits an unauthorized attacker to execute code over a community. |
Distant Code Execution |
| CVE-2025-62452 |
Home windows Routing and Distant Entry Service (RRAS) |
Heap-based buffer overflow in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to execute code over a community. |
Distant Code Execution |
| CVE-2025-59240 |
Microsoft Excel |
Publicity of delicate info to an unauthorized actor in Microsoft Workplace Excel permits an unauthorized attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-47179 |
Configuration Supervisor |
Improper entry management in Microsoft Configuration Supervisor permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59514 |
Microsoft Streaming Service Proxy |
Improper privilege administration in Microsoft Streaming Service permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-59515 |
Home windows Broadcast DVR Person Service |
Use after free in Home windows Broadcast DVR Person Service permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60713 |
Home windows Routing and Distant Entry Service (RRAS) |
Untrusted pointer dereference in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60714 |
Home windows OLE |
Heap-based buffer overflow in Home windows OLE permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-60715 |
Home windows Routing and Distant Entry Service (RRAS) |
Heap-based buffer overflow in Home windows Routing and Distant Entry Service (RRAS) permits a certified attacker to execute code over a community. |
Distant Code Execution |
| CVE-2025-60717 |
Home windows Broadcast DVR Person Service |
Use after free in Home windows Broadcast DVR Person Service permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60718 |
Home windows Administrator Safety |
Untrusted search path in Home windows Administrator Safety permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60720 |
Home windows Transport Driver Interface (TDI) Translation Driver |
Buffer over-read in Home windows TDX.sys permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-60723 |
DirectX Graphics Kernel |
Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows DirectX permits a certified attacker to disclaim service over a community. |
Denial of Service |
| CVE-2025-62200 |
Microsoft Excel |
Untrusted pointer dereference in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-62201 |
Microsoft Excel |
Heap-based buffer overflow in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-62202 |
Microsoft Excel |
Out-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-62203 |
Microsoft Excel |
Use after free in Microsoft Workplace Excel permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-62204 |
Microsoft SharePoint |
Deserialization of untrusted knowledge in Microsoft Workplace SharePoint permits a certified attacker to execute code over a community. |
Distant Code Execution |
| CVE-2025-62205 |
Microsoft Workplace |
Use after free in Microsoft Workplace Phrase permits an unauthorized attacker to execute code domestically. |
Distant Code Execution |
| CVE-2025-62208 |
Home windows License Supervisor |
Insertion of delicate info into log file in Home windows License Supervisor permits a certified attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-62209 |
Home windows License Supervisor |
Insertion of delicate info into log file in Home windows License Supervisor permits a certified attacker to reveal info domestically. |
Info Disclosure |
| CVE-2025-59499 |
Microsoft SQL Server |
Improper neutralization of particular components utilized in an sql command (‘sql injection’) in SQL Server permits a certified attacker to raise privileges over a community. |
Elevation of Privilege |
| CVE-2025-62211 |
Dynamics 365 Discipline Service (on-line) |
Improper neutralization of enter throughout net web page technology (‘cross-site scripting’) in Dynamics 365 Discipline Service (on-line) permits a certified attacker to carry out spoofing over a community. |
Spoofing |
| CVE-2025-62215 |
Home windows Kernel |
Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Kernel permits a certified attacker to raise privileges domestically. (Zero-day, exploited) |
Elevation of Privilege |
| CVE-2025-62213 |
Home windows Ancillary Perform Driver for WinSock |
Use after free in Home windows Ancillary Perform Driver for WinSock permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-62222 |
Agentic AI and Visible Studio Code |
Improper neutralization of particular components utilized in a command (‘command injection’) in Visible Studio Code CoPilot Chat Extension permits an unauthorized attacker to execute code over a community. |
Distant Code Execution |
| CVE-2025-62449 |
Microsoft Visible Studio Code CoPilot Chat Extension |
Improper limitation of a pathname to a restricted listing (‘path traversal’) in Visible Studio Code CoPilot Chat Extension permits a certified attacker to bypass a safety characteristic domestically. |
Safety Function Bypass |
| CVE-2025-60721 |
Home windows Administrator Safety |
Privilege context switching error in Home windows Administrator Safety permits a certified attacker to raise privileges domestically. |
Elevation of Privilege |
| CVE-2025-62453 |
GitHub Copilot and Visible Studio Code |
Improper validation of generative ai output in GitHub Copilot and Visible Studio Code permits a certified attacker to bypass a safety characteristic domestically. |
Safety Function Bypass |
