CVE-2025-60703
- EPSS 0.41%
- Veröffentlicht 11.11.2025 18:15:37
- Zuletzt bearbeitet 17.11.2025 17:47:19
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2025-59505
- EPSS 0.39%
- Veröffentlicht 11.11.2025 18:15:36
- Zuletzt bearbeitet 17.11.2025 18:01:19
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
- EPSS 0.24%
- Veröffentlicht 11.11.2025 18:15:36
- Zuletzt bearbeitet 17.11.2025 18:01:15
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
- EPSS 0.24%
- Veröffentlicht 11.11.2025 18:15:36
- Zuletzt bearbeitet 17.11.2025 18:01:08
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
- EPSS 0.24%
- Veröffentlicht 11.11.2025 18:15:36
- Zuletzt bearbeitet 17.11.2025 18:01:05
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59509
- EPSS 0.54%
- Veröffentlicht 11.11.2025 18:15:36
- Zuletzt bearbeitet 17.11.2025 18:00:53
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
CVE-2025-59510
- EPSS 0.49%
- Veröffentlicht 11.11.2025 18:15:36
- Zuletzt bearbeitet 17.11.2025 17:47:41
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
- EPSS 0.22%
- Veröffentlicht 14.10.2025 17:01:48
- Zuletzt bearbeitet 22.10.2025 16:45:33
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59287
- EPSS 99.96%
- Veröffentlicht 14.10.2025 17:01:47
- Zuletzt bearbeitet 12.11.2025 14:33:19
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-59278
- EPSS 0.26%
- Veröffentlicht 14.10.2025 17:01:46
- Zuletzt bearbeitet 27.10.2025 19:44:49
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.