CVE Monitor
CVE-2025-59280
LOW
14 Oct 2025
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
CVE-2025-59277
HIGH
14 Oct 2025
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59259
MEDIUM
14 Oct 2025
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59258
MEDIUM
14 Oct 2025
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.
CVE-2025-59257
MEDIUM
14 Oct 2025
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59255
HIGH
14 Oct 2025
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59254
HIGH
14 Oct 2025
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59250
HIGH
14 Oct 2025
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59249
HIGH
14 Oct 2025
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59243
HIGH
14 Oct 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-49708
CRITICAL
14 Oct 2025
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2025-59242
HIGH
14 Oct 2025
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-59237
HIGH
14 Oct 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59236
HIGH
14 Oct 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59235
HIGH
14 Oct 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59234
HIGH
14 Oct 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59233
HIGH
14 Oct 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59231
HIGH
14 Oct 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59228
HIGH
14 Oct 2025
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59211
MEDIUM
14 Oct 2025
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
CVE-2025-59207
HIGH
14 Oct 2025
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59206
HIGH
14 Oct 2025
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-59204
MEDIUM
14 Oct 2025
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2025-59202
HIGH
14 Oct 2025
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59201
HIGH
14 Oct 2025
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
Page 179 of 687