Security Vulnerabilities
- CVEs Published In October 2025
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Use after free in Xbox allows an authorized attacker to elevate privileges locally.
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.