|
2025-07-08
|
CVE-2025-49684
|
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
5.5
|
|
|
|
2025-07-08
|
CVE-2025-49685
|
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
|
Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2
|
7.0
|
|
|
|
2025-07-08
|
CVE-2025-49667
|
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.8
|
|
|
|
2025-07-08
|
CVE-2025-49686
|
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.8
|
|
|
|
2025-07-08
|
CVE-2025-49675
|
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.8
|
|
|
|
2025-07-08
|
CVE-2025-49678
|
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.0
|
|
|
|
2025-07-08
|
CVE-2025-49679
|
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.8
|
|
|
|
2025-07-08
|
CVE-2025-49680
|
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.3
|
|
|
|
2025-07-08
|
CVE-2025-49682
|
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
|
Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.3
|
|
|
|
2025-07-08
|
CVE-2025-49687
|
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
8.8
|
|
|