Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_11_23h2
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1039 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-08 | CVE-2025-21197 | Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-21205 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-21221 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-24058 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-26640 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2019, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-26641 | Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-26644 | Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally. | Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2019, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-26648 | Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-26649 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A | ||
| 2025-04-08 | CVE-2025-26651 | Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | N/A |