Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-55680 Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-55681 Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-55682 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-26471 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-55683 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-55684 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-55685 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-55686 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-55687 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | — | 0 |
| CVE-2025-55701 Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-55689 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-55690 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-55691 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-55692 Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-55693 Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | — | 0 |
| CVE-2025-55694 Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-55695 Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-55696 Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-55697 Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-55698 Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network. | 7.7 | HIGH | — | 0 |
| CVE-2025-55699 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-55700 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58715 Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | 8.8 | HIGH | — | 0 |
| CVE-2025-58716 Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | 8.8 | HIGH | — | 0 |
| CVE-2025-58717 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58718 Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-58719 Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-7305 SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafte... | N/A | NONE | — | 0 |
| CVE-2025-58720 Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-58722 Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-58725 Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58726 Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-58727 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-24872 improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-58728 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-58729 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58739 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-59184 Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59185 External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24819 Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program file... | N/A | NONE | — | 0 |
| CVE-2025-59186 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59187 Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59188 Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59189 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | — | 0 |
| CVE-2025-59233 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59193 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59194 Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59195 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59196 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59197 Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.