Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_server_2025
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 582 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-07-08 | CVE-2025-49682 | Use after free in Windows Media allows an authorized attacker to elevate privileges locally. | Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | 7.3 | ||
| 2025-07-08 | CVE-2025-49687 | Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | 8.8 | ||
| 2025-07-08 | CVE-2025-49688 | Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | 8.8 | ||
| 2025-07-08 | CVE-2025-49689 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | 7.8 | ||
| 2025-07-08 | CVE-2025-49690 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. | Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | 7.4 | ||
| 2025-07-08 | CVE-2025-49691 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. | Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025 | 8.0 | ||
| 2025-07-08 | CVE-2025-49693 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2022_23h2, Windows_server_2025 | 7.8 | ||
| 2025-07-08 | CVE-2025-49694 | Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | Windows_11_24h2, Windows_server_2022_23h2, Windows_server_2025 | 7.8 | ||
| 2025-07-08 | CVE-2025-26636 | Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. | Windows_11_24h2, Windows_server_2025 | 5.5 | ||
| 2025-07-08 | CVE-2025-33054 | Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. | Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2025 | 8.1 |