Filtered by vendor Microsoft
Filtered by product Windows
Total: 8764 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55754 | 2 Apache, Microsoft | 2 Tomcat, Windows | 2025-10-28 | 9.6 Critical |
| Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue. | ||||
| CVE-2025-9164 | 2 Docker, Microsoft | 2 Desktop, Windows | 2025-10-28 | N/A |
| Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This issue affects Docker Desktop: through 4.48.0. | ||||
| CVE-2025-47979 | 1 Microsoft | 5 Windows, Windows Server, Windows Server 2022 and 2 more | 2025-10-27 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59257 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2025-10-27 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59258 | 1 Microsoft | 9 Active Directory Federation Services, Windows, Windows Server and 6 more | 2025-10-27 | 6.2 Medium |
| Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59280 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-27 | 3.1 Low |
| Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2025-59254 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-10-27 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55337 | 1 Microsoft | 7 Bitlocker, Windows, Windows 11 and 4 more | 2025-10-27 | 6.1 Medium |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-53139 | 1 Microsoft | 11 Windows, Windows 10, Windows 10 21h2 and 8 more | 2025-10-27 | 7.7 High |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-59502 | 1 Microsoft | 15 Remote, Windows, Windows 10 and 12 more | 2025-10-27 | 7.5 High |
| Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-55332 | 1 Microsoft | 17 Bitlocker, Server, Windows and 14 more | 2025-10-27 | 6.1 Medium |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-53717 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 22h2 and 3 more | 2025-10-27 | 7 High |
| Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53150 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-10-27 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53768 | 1 Microsoft | 13 Windows, Windows 10, Windows 10 1507 and 10 more | 2025-10-27 | 7.8 High |
| Use after free in Xbox allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55679 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-10-27 | 5.1 Medium |
| Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-55326 | 1 Microsoft | 14 Windows, Windows 10, Windows 10 1809 and 11 more | 2025-10-27 | 7.5 High |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-55331 | 1 Microsoft | 13 Windows, Windows 10, Windows 10 21h2 and 10 more | 2025-10-27 | 7 High |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59284 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 22h2 and 5 more | 2025-10-27 | 3.3 Low |
| Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2025-55328 | 1 Microsoft | 21 Hyper-v, Server, Windows and 18 more | 2025-10-27 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50175 | 1 Microsoft | 16 Windows, Windows 10, Windows 10 1809 and 13 more | 2025-10-27 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||