Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9115 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64298 | 3 Microsoft, Mirion, Mirion Medical | 3 Windows, Biodose\/nmis, Nmis Biodose | 2026-01-02 | 8.4 High |
| NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data. | ||||
| CVE-2025-55683 | 1 Microsoft | 8 Windows, Windows Server, Windows Server 2016 and 5 more | 2026-01-02 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59289 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2026-01-02 | 7 High |
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59278 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-01-02 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-01-02 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59261 | 1 Microsoft | 16 Graphics Component, Windows, Windows 11 and 13 more | 2026-01-02 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59253 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-01-02 | 5.5 Medium |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59230 | 1 Microsoft | 31 Remote, Windows, Windows 10 and 28 more | 2026-01-02 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59244 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-01-02 | 6.5 Medium |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59241 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2026-01-02 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59214 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-01-02 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59210 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-01-02 | 7.4 High |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-59209 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-01-02 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59208 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-01-02 | 7.1 High |
| Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-59205 | 1 Microsoft | 31 Graphics Component, Windows, Windows 10 and 28 more | 2026-01-02 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59203 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2026-01-02 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59198 | 1 Microsoft | 31 Windows, Windows 10, Windows 10 1507 and 28 more | 2026-01-02 | 5 Medium |
| Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59197 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2026-01-02 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59194 | 1 Microsoft | 15 Windows, Windows 11, Windows 11 22h2 and 12 more | 2026-01-02 | 7 High |
| Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59193 | 1 Microsoft | 23 Services, Windows, Windows 10 and 20 more | 2026-01-02 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||||