| CVE-2025-62199 |
Microsoft Office |
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-60716 |
DirectX Graphics Kernel |
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60724 |
GDI+ |
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
Remote Code Execution |
| CVE-2025-62214 |
Visual Studio |
Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an authorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-30398 |
Nuance PowerScribe 360 |
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. |
Information Disclosure |
| CVE-2025-59504 |
Azure Monitor Agent |
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-59505 |
Windows Smart Card Reader |
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59506 |
DirectX Graphics Kernel |
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows DirectX allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59507 |
Windows Speech Runtime |
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59508 |
Windows Speech Recognition |
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59509 |
Windows Speech Recognition |
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-59510 |
Windows Routing and Remote Access Service (RRAS) |
Improper link resolution before file access (‘link following’) in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. |
Denial of Service |
| CVE-2025-59511 |
Windows WLAN Service |
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59512 |
Customer Experience Improvement Program (CEIP) |
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59513 |
Windows Bluetooth RFCOM Protocol Driver |
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-60703 |
Windows Remote Desktop Services |
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60704 |
Windows Kerberos |
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. |
Elevation of Privilege |
| CVE-2025-60705 |
Windows Client-Side Caching |
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60706 |
Windows Hyper-V |
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-60707 |
Multimedia Class Scheduler Service (MMCSS) Driver |
Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60708 |
Storvsp.sys Driver |
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. |
Denial of Service |
| CVE-2025-60709 |
Windows Common Log File System Driver |
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60710 |
Host Process for Windows Tasks |
Improper link resolution before file access (‘link following’) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60726 |
Microsoft Excel |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-60727 |
Microsoft Excel |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-60728 |
Microsoft Excel |
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. |
Information Disclosure |
| CVE-2025-62206 |
Microsoft Dynamics 365 (On-Premises) |
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. |
Information Disclosure |
| CVE-2025-62210 |
Dynamics 365 Field Service (online) |
Improper neutralization of input during web page generation (‘cross-site scripting’) in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. |
Spoofing |
| CVE-2025-62216 |
Microsoft Office |
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-60719 |
Windows Ancillary Function Driver for WinSock |
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60722 |
Microsoft OneDrive for Android |
Improper limitation of a pathname to a restricted directory (‘path traversal’) in OneDrive for Android allows an authorized attacker to elevate privileges over a network. |
Elevation of Privilege |
| CVE-2025-62217 |
Windows Ancillary Function Driver for WinSock |
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-62218 |
Microsoft Wireless Provisioning System |
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-62219 |
Microsoft Wireless Provisioning System |
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-62220 |
Windows Subsystem for Linux GUI |
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. |
Remote Code Execution |
| CVE-2025-62452 |
Windows Routing and Remote Access Service (RRAS) |
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
Remote Code Execution |
| CVE-2025-59240 |
Microsoft Excel |
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-47179 |
Configuration Manager |
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59514 |
Microsoft Streaming Service Proxy |
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-59515 |
Windows Broadcast DVR User Service |
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60713 |
Windows Routing and Remote Access Service (RRAS) |
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60714 |
Windows OLE |
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-60715 |
Windows Routing and Remote Access Service (RRAS) |
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
Remote Code Execution |
| CVE-2025-60717 |
Windows Broadcast DVR User Service |
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60718 |
Windows Administrator Protection |
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60720 |
Windows Transport Driver Interface (TDI) Translation Driver |
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-60723 |
DirectX Graphics Kernel |
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows DirectX allows an authorized attacker to deny service over a network. |
Denial of Service |
| CVE-2025-62200 |
Microsoft Excel |
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-62201 |
Microsoft Excel |
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-62202 |
Microsoft Excel |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-62203 |
Microsoft Excel |
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-62204 |
Microsoft SharePoint |
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
Remote Code Execution |
| CVE-2025-62205 |
Microsoft Office |
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
Remote Code Execution |
| CVE-2025-62208 |
Windows License Manager |
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-62209 |
Windows License Manager |
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. |
Information Disclosure |
| CVE-2025-59499 |
Microsoft SQL Server |
Improper neutralization of special elements used in an sql command (‘sql injection’) in SQL Server allows an authorized attacker to elevate privileges over a network. |
Elevation of Privilege |
| CVE-2025-62211 |
Dynamics 365 Field Service (online) |
Improper neutralization of input during web page generation (‘cross-site scripting’) in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. |
Spoofing |
| CVE-2025-62215 |
Windows Kernel |
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally. (Zero-day, exploited) |
Elevation of Privilege |
| CVE-2025-62213 |
Windows Ancillary Function Driver for WinSock |
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-62222 |
Agentic AI and Visual Studio Code |
Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. |
Remote Code Execution |
| CVE-2025-62449 |
Microsoft Visual Studio Code CoPilot Chat Extension |
Improper limitation of a pathname to a restricted directory (‘path traversal’) in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. |
Security Feature Bypass |
| CVE-2025-60721 |
Windows Administrator Protection |
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. |
Elevation of Privilege |
| CVE-2025-62453 |
GitHub Copilot and Visual Studio Code |
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. |
Security Feature Bypass |