Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59508 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1607 and 19 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-13633 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-66476 | 2 Microsoft, Vim | 2 Windows, Vim | 2026-02-26 | 7.8 High |
| Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947. | ||||
| CVE-2025-59511 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7.8 High |
| External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59512 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1607 and 21 more | 2026-02-26 | 7.8 High |
| Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60703 | 1 Microsoft | 28 Remote, Remote Desktop, Windows and 25 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-20386 | 2 Microsoft, Splunk | 3 Windows, Splunk, Splunk Enterprise | 2026-02-26 | 8 High |
| In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents. | ||||
| CVE-2025-60704 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.5 High |
| Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-20387 | 2 Microsoft, Splunk | 4 Windows, Splunk, Splunk Enterprise and 1 more | 2026-02-26 | 8 High |
| In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents. | ||||
| CVE-2025-60705 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60707 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7.8 High |
| Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60709 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60710 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2026-02-26 | 7.8 High |
| Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60719 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7 High |
| Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62217 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1607 and 23 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58132 | 2 Microsoft, Zoom | 6 Windows, Meeting Software Development Kit, Rooms and 3 more | 2026-02-26 | 4.1 Medium |
| Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2025-62218 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1607 and 12 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62219 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1607 and 12 more | 2026-02-26 | 7 High |
| Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62220 | 1 Microsoft | 3 Windows, Windows Subsystem For Linux, Windows Subsystem For Linux Gui | 2026-02-26 | 8.8 High |
| Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-62452 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1607 and 23 more | 2026-02-26 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||