{"cves":[{"cve_id":"CVE-2026-33827","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827"],"published_time":"2026-04-14T18:17:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-33829","summary":"Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33829"],"published_time":"2026-04-14T18:17:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-33824","summary":"Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22472,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824"],"published_time":"2026-04-14T18:17:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-33104","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33104"],"published_time":"2026-04-14T18:17:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-33099","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33099"],"published_time":"2026-04-14T18:17:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-33100","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33100"],"published_time":"2026-04-14T18:17:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-33098","summary":"Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33098"],"published_time":"2026-04-14T18:17:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-32225","summary":"Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32225"],"published_time":"2026-04-14T18:17:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-26132","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22814,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26132"],"published_time":"2026-03-10T18:18:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-26128","summary":"Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16286,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26128"],"published_time":"2026-03-10T18:18:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25189","summary":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25189"],"published_time":"2026-03-10T18:18:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25190","summary":"Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25190"],"published_time":"2026-03-10T18:18:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25186","summary":"Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25186"],"published_time":"2026-03-10T18:18:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25187","summary":"Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25187"],"published_time":"2026-03-10T18:18:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25188","summary":"Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25188"],"published_time":"2026-03-10T18:18:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25180","summary":"Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25180"],"published_time":"2026-03-10T18:18:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25181","summary":"Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25181"],"published_time":"2026-03-10T18:18:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25185","summary":"Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25185"],"published_time":"2026-03-10T18:18:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25177","summary":"Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25177"],"published_time":"2026-03-10T18:18:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25178","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25178"],"published_time":"2026-03-10T18:18:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25179","summary":"Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18863,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25179"],"published_time":"2026-03-10T18:18:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25174","summary":"Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25174"],"published_time":"2026-03-10T18:18:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25175","summary":"Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25175"],"published_time":"2026-03-10T18:18:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25176","summary":"Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16286,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25176"],"published_time":"2026-03-10T18:18:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25171","summary":"Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25171"],"published_time":"2026-03-10T18:18:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25173","summary":"Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.23088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25173"],"published_time":"2026-03-10T18:18:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25168","summary":"Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25168"],"published_time":"2026-03-10T18:18:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25169","summary":"Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25169"],"published_time":"2026-03-10T18:18:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25165","summary":"Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25165"],"published_time":"2026-03-10T18:18:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-25166","summary":"Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00499,"ranking_epss":0.65951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25166"],"published_time":"2026-03-10T18:18:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24297","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24297"],"published_time":"2026-03-10T18:18:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24296","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24296"],"published_time":"2026-03-10T18:18:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24292","summary":"Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24292"],"published_time":"2026-03-10T18:18:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24293","summary":"Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24293"],"published_time":"2026-03-10T18:18:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24294","summary":"Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24294","https://www.vicarius.io/vsociety/posts/cve-2026-24294-detection-script-improper-authentication-vulnerability-in-windows-smb-server","https://www.vicarius.io/vsociety/posts/cve-2026-24294-mitigation-script-improper-authentication-vulnerability-in-windows-smb-server"],"published_time":"2026-03-10T18:18:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24295","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24295"],"published_time":"2026-03-10T18:18:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24289","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24289"],"published_time":"2026-03-10T18:18:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24290","summary":"Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16286,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24290"],"published_time":"2026-03-10T18:18:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24291","summary":"Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24291","https://github.com/mdsecactivebreach/RegPwn","https://www.mdsec.co.uk/2026/03/rip-regpwn/"],"published_time":"2026-03-10T18:18:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24285","summary":"Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24285"],"published_time":"2026-03-10T18:18:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24287","summary":"External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24287"],"published_time":"2026-03-10T18:18:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24288","summary":"Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24288"],"published_time":"2026-03-10T18:18:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-24282","summary":"Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.1486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24282"],"published_time":"2026-03-10T18:18:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-23673","summary":"Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23673"],"published_time":"2026-03-10T18:18:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-23674","summary":"Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23674"],"published_time":"2026-03-10T18:18:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-23668","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23668"],"published_time":"2026-03-10T18:18:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-23669","summary":"Use after free in RPC Runtime allows an authorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25269,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23669"],"published_time":"2026-03-10T18:18:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-23671","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23671"],"published_time":"2026-03-10T18:18:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-23672","summary":"Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23672"],"published_time":"2026-03-10T18:18:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-23667","summary":"Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23667"],"published_time":"2026-03-10T18:18:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21533","summary":"Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.22712,"ranking_epss":0.95881,"kev":true,"propose_action":"Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533","https://www.vicarius.io/vsociety/posts/cve-2026-21533-detection-script-privilege-escalation-vulnerability-in-windows-remote-desktop","https://www.vicarius.io/vsociety/posts/cve-2026-21533-mitigation-script-privilege-escalation-vulnerability-in-windows-remote-desktop","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533"],"published_time":"2026-02-10T18:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21519","summary":"Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.04533,"ranking_epss":0.89182,"kev":true,"propose_action":"Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519"],"published_time":"2026-02-10T18:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21525","summary":"Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.11781,"ranking_epss":0.93729,"kev":true,"propose_action":"Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525","https://www.vicarius.io/vsociety/posts/cve-2026-21525-detection-script-dos-vulnerability-in-windows-remote-access-connection-manager","https://www.vicarius.io/vsociety/posts/cve-2026-21525-mitigation-script-dos-vulnerability-in-windows-remote-access-connection-manager","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525"],"published_time":"2026-02-10T18:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21508","summary":"Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508"],"published_time":"2026-02-10T18:16:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21510","summary":"Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03525,"ranking_epss":0.87665,"kev":true,"propose_action":"Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. ","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510"],"published_time":"2026-02-10T18:16:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21513","summary":"Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.28291,"ranking_epss":0.96519,"kev":true,"propose_action":"Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513","https://www.vicarius.io/vsociety/posts/cve-2026-21513-detection-script-security-feature-bypass-vulnerability-in-mshtml-framework","https://www.vicarius.io/vsociety/posts/cve-2026-21513-mitigation-script-security-feature-bypass-vulnerability-in-mshtml-framework","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513"],"published_time":"2026-02-10T18:16:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21253","summary":"Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18934,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21253","https://www.vicarius.io/vsociety/posts/cve-2026-21253-detection-script-elevation-of-privilege-vulnerability-in-mailslot-file-system","https://www.vicarius.io/vsociety/posts/cve-2026-21253-mitigation-script-elevation-of-privilege-vulnerability-in-mailslot-file-system"],"published_time":"2026-02-10T18:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21255","summary":"Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08723,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21255"],"published_time":"2026-02-10T18:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21246","summary":"Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21246"],"published_time":"2026-02-10T18:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21247","summary":"Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21247"],"published_time":"2026-02-10T18:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21248","summary":"Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21248"],"published_time":"2026-02-10T18:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21249","summary":"External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21249"],"published_time":"2026-02-10T18:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21242","summary":"Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21242"],"published_time":"2026-02-10T18:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21244","summary":"Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21244"],"published_time":"2026-02-10T18:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21235","summary":"Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21235"],"published_time":"2026-02-10T18:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21236","summary":"Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236"],"published_time":"2026-02-10T18:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21237","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21237"],"published_time":"2026-02-10T18:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21238","summary":"Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238"],"published_time":"2026-02-10T18:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21239","summary":"Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21239"],"published_time":"2026-02-10T18:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21240","summary":"Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07788,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21240"],"published_time":"2026-02-10T18:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21222","summary":"Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222"],"published_time":"2026-02-10T18:16:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21231","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.0916,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231"],"published_time":"2026-02-10T18:16:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21234","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21234"],"published_time":"2026-02-10T18:16:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20846","summary":"Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846"],"published_time":"2026-02-10T18:16:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-21265","summary":"Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot.\nThe operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees.\n\n\n\nCertificate Authority (CA)\nLocation\nPurpose\nExpiration Date\n\n\n\n\nMicrosoft Corporation KEK CA 2011\nKEK\nSigns updates to the DB and DBX\n06/24/2026\n\n\nMicrosoft Corporation UEFI CA 2011\nDB\nSigns 3rd party boot loaders, Option ROMs, etc.\n06/27/2026\n\n\nMicrosoft Windows Production PCA 2011\nDB\nSigns the Windows Boot Manager\n10/19/2026\n\n\n\nFor more information see this CVE and Windows Secure Boot certificate expiration and CA updates.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00505,"ranking_epss":0.66231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265"],"published_time":"2026-01-13T18:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20962","summary":"Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.36976,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20962"],"published_time":"2026-01-13T18:16:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20939","summary":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.105,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20939"],"published_time":"2026-01-13T18:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20940","summary":"Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20940"],"published_time":"2026-01-13T18:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20931","summary":"External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00789,"ranking_epss":0.73906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20931"],"published_time":"2026-01-13T18:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20932","summary":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20932"],"published_time":"2026-01-13T18:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20934","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20934"],"published_time":"2026-01-13T18:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20936","summary":"Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.1166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20936"],"published_time":"2026-01-13T18:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20937","summary":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.105,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20937"],"published_time":"2026-01-13T18:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20924","summary":"Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20924"],"published_time":"2026-01-13T18:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20925","summary":"External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.2838,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20925"],"published_time":"2026-01-13T18:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20926","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20926"],"published_time":"2026-01-13T18:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20927","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20927"],"published_time":"2026-01-13T18:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20929","summary":"Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20929"],"published_time":"2026-01-13T18:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20919","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20919"],"published_time":"2026-01-13T18:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20921","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20921"],"published_time":"2026-01-13T18:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20922","summary":"Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20922"],"published_time":"2026-01-13T18:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20923","summary":"Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20923"],"published_time":"2026-01-13T18:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20873","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20873"],"published_time":"2026-01-13T18:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20874","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20874"],"published_time":"2026-01-13T18:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20875","summary":"Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20875"],"published_time":"2026-01-13T18:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20877","summary":"Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20877"],"published_time":"2026-01-13T18:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20918","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20918"],"published_time":"2026-01-13T18:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20867","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20867"],"published_time":"2026-01-13T18:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20868","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00131,"ranking_epss":0.32594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20868","https://www.vicarius.io/vsociety/posts/cve-2026-20868-detection-script-heap-based-buffer-overflow-vulnerability-affecting-windows-rras","https://www.vicarius.io/vsociety/posts/cve-2026-20868-mitigation-script-heap-based-buffer-overflow-vulnerability-affecting-windows-rras"],"published_time":"2026-01-13T18:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20869","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20869"],"published_time":"2026-01-13T18:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20871","summary":"Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20871"],"published_time":"2026-01-13T18:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20872","summary":"External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20872","https://www.vicarius.io/vsociety/posts/cve-2026-20872-detection-script-spoofing-vulnerability-in-windows-ntlm","https://www.vicarius.io/vsociety/posts/cve-2026-20872-mitigation-script-spoofing-vulnerability-in-windows-ntlm"],"published_time":"2026-01-13T18:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20861","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20861"],"published_time":"2026-01-13T18:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20862","summary":"Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20862"],"published_time":"2026-01-13T18:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20864","summary":"Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20864"],"published_time":"2026-01-13T18:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20865","summary":"Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20865"],"published_time":"2026-01-13T18:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20866","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20866"],"published_time":"2026-01-13T18:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20856","summary":"Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20856"],"published_time":"2026-01-13T18:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20857","summary":"Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20857"],"published_time":"2026-01-13T18:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20858","summary":"Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20858"],"published_time":"2026-01-13T18:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20860","summary":"Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20860"],"published_time":"2026-01-13T18:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20847","summary":"Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00134,"ranking_epss":0.32977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20847"],"published_time":"2026-01-13T18:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20848","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20848"],"published_time":"2026-01-13T18:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20849","summary":"Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25169,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20849"],"published_time":"2026-01-13T18:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20852","summary":"Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20852"],"published_time":"2026-01-13T18:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20853","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20853"],"published_time":"2026-01-13T18:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20839","summary":"Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20839"],"published_time":"2026-01-13T18:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20840","summary":"Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20840"],"published_time":"2026-01-13T18:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20842","summary":"Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20842"],"published_time":"2026-01-13T18:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20843","summary":"Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20843"],"published_time":"2026-01-13T18:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20844","summary":"Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20844"],"published_time":"2026-01-13T18:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20832","summary":"Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20832"],"published_time":"2026-01-13T18:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20834","summary":"Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20834"],"published_time":"2026-01-13T18:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20836","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20836"],"published_time":"2026-01-13T18:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20837","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20837"],"published_time":"2026-01-13T18:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20826","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.0666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20826"],"published_time":"2026-01-13T18:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20827","summary":"Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20827"],"published_time":"2026-01-13T18:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20828","summary":"Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20828"],"published_time":"2026-01-13T18:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20829","summary":"Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20829"],"published_time":"2026-01-13T18:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20831","summary":"Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.0666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20831"],"published_time":"2026-01-13T18:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20820","summary":"Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20820"],"published_time":"2026-01-13T18:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20821","summary":"Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20821"],"published_time":"2026-01-13T18:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20822","summary":"Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20822"],"published_time":"2026-01-13T18:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20823","summary":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20823"],"published_time":"2026-01-13T18:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20824","summary":"Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20824"],"published_time":"2026-01-13T18:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20825","summary":"Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20825"],"published_time":"2026-01-13T18:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20814","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20814"],"published_time":"2026-01-13T18:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20816","summary":"Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06591,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20816"],"published_time":"2026-01-13T18:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20817","summary":"Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20817"],"published_time":"2026-01-13T18:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20805","summary":"Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.03271,"ranking_epss":0.87183,"kev":true,"propose_action":"Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805"],"published_time":"2026-01-13T18:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20809","summary":"Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20809"],"published_time":"2026-01-13T18:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20810","summary":"Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20810"],"published_time":"2026-01-13T18:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20812","summary":"Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.2109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20812"],"published_time":"2026-01-13T18:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20804","summary":"Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20804"],"published_time":"2026-01-13T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-64679","summary":"Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64679"],"published_time":"2025-12-09T18:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-64680","summary":"Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64680"],"published_time":"2025-12-09T18:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-64670","summary":"Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00275,"ranking_epss":0.51041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64670"],"published_time":"2025-12-09T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-64673","summary":"Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64673"],"published_time":"2025-12-09T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-64678","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25711,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64678"],"published_time":"2025-12-09T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-64658","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64658"],"published_time":"2025-12-09T18:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-64661","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64661"],"published_time":"2025-12-09T18:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62571","summary":"Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.36992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62571"],"published_time":"2025-12-09T18:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62573","summary":"Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62573"],"published_time":"2025-12-09T18:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62565","summary":"Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62565"],"published_time":"2025-12-09T18:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62567","summary":"Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.3589,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62567"],"published_time":"2025-12-09T18:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62470","summary":"Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62470"],"published_time":"2025-12-09T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62472","summary":"Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00261,"ranking_epss":0.49505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62472"],"published_time":"2025-12-09T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62473","summary":"Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.316,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62473"],"published_time":"2025-12-09T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62474","summary":"Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62474"],"published_time":"2025-12-09T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62549","summary":"Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.45009,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62549","https://www.vicarius.io/vsociety/posts/cve-2025-62549-detection-script-rce-vulnerability-in-windows-routing-and-remote-access-service","https://www.vicarius.io/vsociety/posts/cve-2025-62549-mitigation-script-rce-vulnerability-in-windows-routing-and-remote-access-service"],"published_time":"2025-12-09T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62463","summary":"Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0009,"ranking_epss":0.25529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62463"],"published_time":"2025-12-09T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62464","summary":"Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62464"],"published_time":"2025-12-09T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62466","summary":"Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62466"],"published_time":"2025-12-09T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62467","summary":"Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00145,"ranking_epss":0.34874,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62467"],"published_time":"2025-12-09T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62457","summary":"Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62457"],"published_time":"2025-12-09T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62458","summary":"Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62458"],"published_time":"2025-12-09T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62461","summary":"Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62461"],"published_time":"2025-12-09T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62462","summary":"Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62462"],"published_time":"2025-12-09T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62221","summary":"Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03155,"ranking_epss":0.86925,"kev":true,"propose_action":"Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62221","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62221"],"published_time":"2025-12-09T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62454","summary":"Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62454"],"published_time":"2025-12-09T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62455","summary":"Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22824,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62455"],"published_time":"2025-12-09T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55233","summary":"Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55233"],"published_time":"2025-12-09T18:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59516","summary":"Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59516"],"published_time":"2025-12-09T18:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59517","summary":"Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00131,"ranking_epss":0.32574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59517"],"published_time":"2025-12-09T18:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54100","summary":"Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.57656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54100","https://www.vicarius.io/vsociety/posts/cve-2025-54100-detect-powershell-vulnerability","https://www.vicarius.io/vsociety/posts/cve-2025-54100-mitigate-powershell-vulnerability"],"published_time":"2025-12-09T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62452","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62452"],"published_time":"2025-11-11T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62217","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62217"],"published_time":"2025-11-11T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62218","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62218"],"published_time":"2025-11-11T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62219","summary":"Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62219"],"published_time":"2025-11-11T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62209","summary":"Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209"],"published_time":"2025-11-11T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62213","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14805,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62213"],"published_time":"2025-11-11T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62215","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.02374,"ranking_epss":0.84989,"kev":true,"propose_action":"Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215"],"published_time":"2025-11-11T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-62208","summary":"Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208"],"published_time":"2025-11-11T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60724","summary":"Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60724"],"published_time":"2025-11-11T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60719","summary":"Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14805,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60719"],"published_time":"2025-11-11T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60720","summary":"Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60720"],"published_time":"2025-11-11T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60723","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12971,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60723"],"published_time":"2025-11-11T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60714","summary":"Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60714"],"published_time":"2025-11-11T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60715","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60715"],"published_time":"2025-11-11T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60716","summary":"Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60716"],"published_time":"2025-11-11T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60717","summary":"Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60717"],"published_time":"2025-11-11T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60704","summary":"Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.1126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60704"],"published_time":"2025-11-11T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60705","summary":"Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60705"],"published_time":"2025-11-11T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60706","summary":"Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60706"],"published_time":"2025-11-11T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60707","summary":"Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17663,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60707","https://www.vicarius.io/vsociety/posts/cve-2025-60707-detection-script-eop-vulnerability-in-multimedia-class-scheduler-service-by-microsoft","https://www.vicarius.io/vsociety/posts/cve-2025-60707-mitigation-script-eop-vulnerability-in-multimedia-class-scheduler-service-by-microsoft"],"published_time":"2025-11-11T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60708","summary":"Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60708"],"published_time":"2025-11-11T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60709","summary":"Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60709"],"published_time":"2025-11-11T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59511","summary":"External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59511"],"published_time":"2025-11-11T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59512","summary":"Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59512","https://www.vicarius.io/vsociety/posts/cve-2025-59512-detection-script-eop-vulnerability-affecting-ceip-by-microsoft","https://www.vicarius.io/vsociety/posts/cve-2025-59512-mitigation-script-eop-vulnerability-affecting-ceip-by-microsoft"],"published_time":"2025-11-11T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59513","summary":"Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59513"],"published_time":"2025-11-11T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59514","summary":"Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59514"],"published_time":"2025-11-11T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59515","summary":"Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59515"],"published_time":"2025-11-11T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-60703","summary":"Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60703"],"published_time":"2025-11-11T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59505","summary":"Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59505"],"published_time":"2025-11-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59506","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59506"],"published_time":"2025-11-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59507","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59507"],"published_time":"2025-11-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59508","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59508"],"published_time":"2025-11-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59509","summary":"Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59509"],"published_time":"2025-11-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59510","summary":"Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59510"],"published_time":"2025-11-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59502","summary":"Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.08669,"ranking_epss":0.9247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59502"],"published_time":"2025-10-14T17:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59289","summary":"Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59289"],"published_time":"2025-10-14T17:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59290","summary":"Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59290"],"published_time":"2025-10-14T17:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59294","summary":"Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.","cvss":2.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.1,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59294"],"published_time":"2025-10-14T17:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59295","summary":"Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00353,"ranking_epss":0.57713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59295"],"published_time":"2025-10-14T17:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59282","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00379,"ranking_epss":0.59471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59282","https://www.vicarius.io/vsociety/posts/cve-2025-59282-detection-script-race-condition-in-microsoft-inbox-com-objects","https://www.vicarius.io/vsociety/posts/cve-2025-59282-mitigation-script-race-condition-in-microsoft-inbox-com-objects"],"published_time":"2025-10-14T17:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59278","summary":"Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.2536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59278"],"published_time":"2025-10-14T17:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59280","summary":"Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59280"],"published_time":"2025-10-14T17:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59275","summary":"Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59275"],"published_time":"2025-10-14T17:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59277","summary":"Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.2536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59277"],"published_time":"2025-10-14T17:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59259","summary":"Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00207,"ranking_epss":0.43108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59259"],"published_time":"2025-10-14T17:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59253","summary":"Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59253"],"published_time":"2025-10-14T17:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59254","summary":"Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00602,"ranking_epss":0.6956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59254"],"published_time":"2025-10-14T17:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59255","summary":"Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59255"],"published_time":"2025-10-14T17:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59242","summary":"Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59242"],"published_time":"2025-10-14T17:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59244","summary":"External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.2328,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59244"],"published_time":"2025-10-14T17:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59230","summary":"Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03724,"ranking_epss":0.88,"kev":true,"propose_action":"Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230","https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman","https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230"],"published_time":"2025-10-14T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59214","summary":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00133,"ranking_epss":0.32819,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59214","https://cymulate.com/blog/ntlm-leak-cve-2025-59214/","https://github.com/rubenformation/CVE-2025-50154/","https://www.vicarius.io/vsociety/posts/cve-2025-59214-detection-script-windows-file-explorer-spoofing-vulnerability","https://www.vicarius.io/vsociety/posts/cve-2025-59214-mitigation-script-windows-file-explorer-spoofing-vulnerability"],"published_time":"2025-10-14T17:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59209","summary":"Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59209"],"published_time":"2025-10-14T17:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59211","summary":"Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59211"],"published_time":"2025-10-14T17:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59203","summary":"Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59203"],"published_time":"2025-10-14T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59204","summary":"Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59204"],"published_time":"2025-10-14T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59205","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59205"],"published_time":"2025-10-14T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59207","summary":"Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59207"],"published_time":"2025-10-14T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59208","summary":"Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13244,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59208"],"published_time":"2025-10-14T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59198","summary":"Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59198"],"published_time":"2025-10-14T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59199","summary":"Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22983,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59199"],"published_time":"2025-10-14T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59200","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59200"],"published_time":"2025-10-14T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59201","summary":"Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.17007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59201"],"published_time":"2025-10-14T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59202","summary":"Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59202"],"published_time":"2025-10-14T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59192","summary":"Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59192"],"published_time":"2025-10-14T17:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59193","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59193"],"published_time":"2025-10-14T17:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59195","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59195"],"published_time":"2025-10-14T17:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59196","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59196"],"published_time":"2025-10-14T17:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59197","summary":"Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59197"],"published_time":"2025-10-14T17:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59187","summary":"Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59187"],"published_time":"2025-10-14T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59190","summary":"Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59190"],"published_time":"2025-10-14T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59191","summary":"Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59191"],"published_time":"2025-10-14T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58738","summary":"Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58738"],"published_time":"2025-10-14T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58739","summary":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22789,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58739"],"published_time":"2025-10-14T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59185","summary":"External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.2328,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59185"],"published_time":"2025-10-14T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58732","summary":"Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58732"],"published_time":"2025-10-14T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58733","summary":"Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58733"],"published_time":"2025-10-14T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58734","summary":"Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58734"],"published_time":"2025-10-14T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58735","summary":"Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58735"],"published_time":"2025-10-14T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58736","summary":"Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58736"],"published_time":"2025-10-14T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58726","summary":"Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58726","https://www.vicarius.io/vsociety/posts/cve-2025-58726-detection-script-improper-access-control-affecting-smb-server-by-microsoft","https://www.vicarius.io/vsociety/posts/cve-2025-58726-mitigation-script-improper-access-control-affecting-smb-server-by-microsoft"],"published_time":"2025-10-14T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58727","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58727"],"published_time":"2025-10-14T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58728","summary":"Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58728"],"published_time":"2025-10-14T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58729","summary":"Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00207,"ranking_epss":0.43108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58729"],"published_time":"2025-10-14T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58730","summary":"Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58730"],"published_time":"2025-10-14T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58718","summary":"Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58718"],"published_time":"2025-10-14T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58719","summary":"Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58719"],"published_time":"2025-10-14T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58720","summary":"Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58720"],"published_time":"2025-10-14T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58722","summary":"Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58722"],"published_time":"2025-10-14T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58725","summary":"Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58725"],"published_time":"2025-10-14T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55700","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55700"],"published_time":"2025-10-14T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55701","summary":"Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.2536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55701"],"published_time":"2025-10-14T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58714","summary":"Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.17007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58714"],"published_time":"2025-10-14T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58715","summary":"Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58715"],"published_time":"2025-10-14T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58716","summary":"Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.2536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58716"],"published_time":"2025-10-14T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-58717","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58717"],"published_time":"2025-10-14T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55695","summary":"Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55695"],"published_time":"2025-10-14T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55696","summary":"Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55696"],"published_time":"2025-10-14T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55699","summary":"Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55699"],"published_time":"2025-10-14T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55689","summary":"Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55689"],"published_time":"2025-10-14T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55692","summary":"Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.31985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55692"],"published_time":"2025-10-14T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55685","summary":"Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55685"],"published_time":"2025-10-14T17:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55686","summary":"Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55686"],"published_time":"2025-10-14T17:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55687","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55687"],"published_time":"2025-10-14T17:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55678","summary":"Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55678"],"published_time":"2025-10-14T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55679","summary":"Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55679"],"published_time":"2025-10-14T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55680","summary":"Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55680"],"published_time":"2025-10-14T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55681","summary":"Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55681"],"published_time":"2025-10-14T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55338","summary":"Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55338"],"published_time":"2025-10-14T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55340","summary":"Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.1121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55340"],"published_time":"2025-10-14T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55331","summary":"Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55331"],"published_time":"2025-10-14T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55332","summary":"Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.0655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55332"],"published_time":"2025-10-14T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55333","summary":"Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55333"],"published_time":"2025-10-14T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55335","summary":"Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55335"],"published_time":"2025-10-14T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55336","summary":"Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55336"],"published_time":"2025-10-14T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55325","summary":"Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55325"],"published_time":"2025-10-14T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55326","summary":"Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55326"],"published_time":"2025-10-14T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55328","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55328"],"published_time":"2025-10-14T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55248","summary":"Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248"],"published_time":"2025-10-14T17:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50175","summary":"Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50175"],"published_time":"2025-10-14T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53139","summary":"Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53139"],"published_time":"2025-10-14T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53150","summary":"Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53150"],"published_time":"2025-10-14T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53768","summary":"Use after free in Xbox allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53768"],"published_time":"2025-10-14T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48813","summary":"Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48813"],"published_time":"2025-10-14T17:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49708","summary":"Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.2532,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49708"],"published_time":"2025-10-14T17:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50152","summary":"Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50152"],"published_time":"2025-10-14T17:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24990","summary":"Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems.  This is an announcement of the upcoming removal of ltmdm64.sys driver.  The driver has been removed in the October cumulative update.\nFax modem hardware dependent on this specific driver will no longer work on Windows.\nMicrosoft recommends removing any existing dependencies on this hardware.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03896,"ranking_epss":0.88286,"kev":true,"propose_action":"Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990","https://www.vicarius.io/vsociety/posts/cve-2025-24990-detection-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows","https://www.vicarius.io/vsociety/posts/cve-2025-24990-mitigation-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24990"],"published_time":"2025-10-14T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-25004","summary":"Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13269,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25004"],"published_time":"2025-10-14T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24052","summary":"Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems.  This is an announcement of the upcoming removal of ltmdm64.sys driver.  The driver has been removed in the October cumulative update.\nFax modem hardware dependent on this specific driver will no longer work on Windows.\nMicrosoft recommends removing any existing dependencies on this hardware.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24052"],"published_time":"2025-10-14T17:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-59220","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05694,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"],"published_time":"2025-09-18T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55228","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55228"],"published_time":"2025-09-09T17:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55234","summary":"SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.\nThe SMB Server already supports mechanisms for hardening against relay attacks:\n\nSMB Server signing\nSMB Server Extended Protection for Authentication (EPA)\n\nMicrosoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks.\nIf you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:\n\nAssess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates.  See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA.\nAdopt appropriate SMB Server hardening measures.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00293,"ranking_epss":0.52717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55234","https://www.vicarius.io/vsociety/posts/cve-2025-55234-detection-script-smb-server-vulnerability-affecting-microsoft-systems","https://www.vicarius.io/vsociety/posts/cve-2025-55234-mitigation-script-smb-server-vulnerability-affecting-microsoft-systems"],"published_time":"2025-09-09T17:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55236","summary":"Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55236"],"published_time":"2025-09-09T17:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55224","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55224"],"published_time":"2025-09-09T17:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55226","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05592,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55226"],"published_time":"2025-09-09T17:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54916","summary":"Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54916"],"published_time":"2025-09-09T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54917","summary":"Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54917"],"published_time":"2025-09-09T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54918","summary":"Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54918"],"published_time":"2025-09-09T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54919","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54919"],"published_time":"2025-09-09T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55223","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55223"],"published_time":"2025-09-09T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54911","summary":"Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54911"],"published_time":"2025-09-09T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54912","summary":"Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22197,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54912"],"published_time":"2025-09-09T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54913","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54913"],"published_time":"2025-09-09T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54915","summary":"Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00228,"ranking_epss":0.45596,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54915"],"published_time":"2025-09-09T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54895","summary":"Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54895"],"published_time":"2025-09-09T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54894","summary":"Local Security Authority Subsystem Service Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54894"],"published_time":"2025-09-09T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54114","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54114"],"published_time":"2025-09-09T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54115","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54115","https://www.vicarius.io/vsociety/posts/cve-2025-54115-detection-script-privilege-elevation-vulnerability-in-windows-hyper-v","https://www.vicarius.io/vsociety/posts/cve-2025-54115-mitigation-script-privilege-elevation-vulnerability-in-windows-hyper-v"],"published_time":"2025-09-09T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54116","summary":"Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54116"],"published_time":"2025-09-09T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54109","summary":"Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00291,"ranking_epss":0.5255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54109"],"published_time":"2025-09-09T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54110","summary":"Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21156,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54110"],"published_time":"2025-09-09T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54111","summary":"Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54111"],"published_time":"2025-09-09T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54112","summary":"Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54112"],"published_time":"2025-09-09T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54103","summary":"Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54103"],"published_time":"2025-09-09T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54104","summary":"Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00291,"ranking_epss":0.5255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54104"],"published_time":"2025-09-09T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54107","summary":"Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54107"],"published_time":"2025-09-09T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54098","summary":"Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54098"],"published_time":"2025-09-09T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54099","summary":"Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54099"],"published_time":"2025-09-09T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54101","summary":"Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00179,"ranking_epss":0.39573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54101","https://www.vicarius.io/vsociety/posts/cve-2025-54101-detection-script-remote-code-execution-vulnerability-affecting-windows-smbv3","https://www.vicarius.io/vsociety/posts/cve-2025-54101-mitigation-script-remote-code-execution-vulnerability-affecting-windows-smbv3"],"published_time":"2025-09-09T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54102","summary":"Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54102"],"published_time":"2025-09-09T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54094","summary":"Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00291,"ranking_epss":0.5255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54094"],"published_time":"2025-09-09T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53810","summary":"Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00291,"ranking_epss":0.5255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53810"],"published_time":"2025-09-09T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54091","summary":"Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00132,"ranking_epss":0.32749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54091"],"published_time":"2025-09-09T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54092","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54092"],"published_time":"2025-09-09T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-54093","summary":"Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54093"],"published_time":"2025-09-09T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53804","summary":"Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53804"],"published_time":"2025-09-09T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53807","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53807"],"published_time":"2025-09-09T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53808","summary":"Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00291,"ranking_epss":0.5255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53808"],"published_time":"2025-09-09T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53799","summary":"Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53799"],"published_time":"2025-09-09T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53800","summary":"No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48738,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53800"],"published_time":"2025-09-09T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53801","summary":"Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53801"],"published_time":"2025-09-09T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53802","summary":"Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53802"],"published_time":"2025-09-09T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53803","summary":"Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53803"],"published_time":"2025-09-09T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49734","summary":"Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.1747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49734"],"published_time":"2025-09-09T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55229","summary":"Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.1994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229"],"published_time":"2025-08-21T20:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-55230","summary":"Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.2632,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55230"],"published_time":"2025-08-21T20:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53789","summary":"Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53789"],"published_time":"2025-08-12T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53778","summary":"Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00319,"ranking_epss":0.54975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53778","https://www.vicarius.io/vsociety/posts/cve-2025-53778-detection-script-improper-authentication-vulnerability-affecting-windows-ntlm","https://www.vicarius.io/vsociety/posts/cve-2025-53778-mitigation-script-improper-authentication-vulnerability-affecting-windows-ntlm"],"published_time":"2025-08-12T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53766","summary":"Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00554,"ranking_epss":0.6813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53766"],"published_time":"2025-08-12T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53726","summary":"Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53726"],"published_time":"2025-08-12T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53721","summary":"Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53721"],"published_time":"2025-08-12T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53722","summary":"Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.07901,"ranking_epss":0.92044,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53722"],"published_time":"2025-08-12T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53723","summary":"Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53723"],"published_time":"2025-08-12T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53724","summary":"Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53724"],"published_time":"2025-08-12T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53725","summary":"Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53725"],"published_time":"2025-08-12T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53154","summary":"Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53154"],"published_time":"2025-08-12T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53155","summary":"Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53155"],"published_time":"2025-08-12T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53716","summary":"Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00316,"ranking_epss":0.54743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53716"],"published_time":"2025-08-12T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53718","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53718"],"published_time":"2025-08-12T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53147","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53147"],"published_time":"2025-08-12T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53149","summary":"Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00514,"ranking_epss":0.66603,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53149","https://www.crowdfense.com/cve-2025-53149-windows-ksthunk-heap-overflow/"],"published_time":"2025-08-12T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53151","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53151"],"published_time":"2025-08-12T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53152","summary":"Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53152"],"published_time":"2025-08-12T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53140","summary":"Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53140"],"published_time":"2025-08-12T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53141","summary":"Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53141"],"published_time":"2025-08-12T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53143","summary":"Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0235,"ranking_epss":0.84921,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53143"],"published_time":"2025-08-12T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53144","summary":"Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0312,"ranking_epss":0.86862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53144"],"published_time":"2025-08-12T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53145","summary":"Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0312,"ranking_epss":0.86862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53145"],"published_time":"2025-08-12T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53134","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22407,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53134"],"published_time":"2025-08-12T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53135","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53135"],"published_time":"2025-08-12T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53136","summary":"Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53136"],"published_time":"2025-08-12T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53137","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53137"],"published_time":"2025-08-12T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50172","summary":"Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.118,"ranking_epss":0.93736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50172"],"published_time":"2025-08-12T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50173","summary":"Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.39299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50173"],"published_time":"2025-08-12T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50177","summary":"Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00163,"ranking_epss":0.37245,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50177"],"published_time":"2025-08-12T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53131","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.2906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53131"],"published_time":"2025-08-12T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-53132","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53132"],"published_time":"2025-08-12T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50170","summary":"Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50170"],"published_time":"2025-08-12T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50166","summary":"Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50166"],"published_time":"2025-08-12T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50167","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50167"],"published_time":"2025-08-12T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50161","summary":"Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26311,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50161"],"published_time":"2025-08-12T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50154","summary":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.15898,"ranking_epss":0.94764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154","https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/","https://github.com/rubenformation/CVE-2025-50154/","https://www.vicarius.io/vsociety/posts/cve-2025-50154-detection-script-zero-click-windows-file-explorer-spoofing-vulnerability","https://www.vicarius.io/vsociety/posts/cve-2025-50154-mitigation-script-zero-click-windows-file-explorer-spoofing-vulnerability"],"published_time":"2025-08-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50155","summary":"Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50155"],"published_time":"2025-08-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50158","summary":"Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50158"],"published_time":"2025-08-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50159","summary":"Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26311,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50159"],"published_time":"2025-08-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49761","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49761"],"published_time":"2025-08-12T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49762","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49762"],"published_time":"2025-08-12T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-50153","summary":"Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50153"],"published_time":"2025-08-12T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49743","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49743"],"published_time":"2025-08-12T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49751","summary":"Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00204,"ranking_epss":0.42631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49751"],"published_time":"2025-08-12T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48807","summary":"Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48807"],"published_time":"2025-08-12T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49760","summary":"External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.","cvss":3.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00438,"ranking_epss":0.63143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49760"],"published_time":"2025-07-08T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49740","summary":"Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00313,"ranking_epss":0.54494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49740"],"published_time":"2025-07-08T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49742","summary":"Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00473,"ranking_epss":0.64758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49742"],"published_time":"2025-07-08T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49744","summary":"Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0181,"ranking_epss":0.82866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49744"],"published_time":"2025-07-08T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49733","summary":"Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49733"],"published_time":"2025-07-08T17:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49730","summary":"Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02185,"ranking_epss":0.84389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730"],"published_time":"2025-07-08T17:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49732","summary":"Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49732"],"published_time":"2025-07-08T17:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49723","summary":"Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00219,"ranking_epss":0.44624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49723"],"published_time":"2025-07-08T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49724","summary":"Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.72012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49724"],"published_time":"2025-07-08T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49725","summary":"Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49725"],"published_time":"2025-07-08T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49726","summary":"Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49726"],"published_time":"2025-07-08T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49727","summary":"Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.3073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49727"],"published_time":"2025-07-08T17:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49721","summary":"Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00247,"ranking_epss":0.48003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49721"],"published_time":"2025-07-08T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49722","summary":"Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00869,"ranking_epss":0.75225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49722"],"published_time":"2025-07-08T17:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49691","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00252,"ranking_epss":0.48593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49691"],"published_time":"2025-07-08T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49686","summary":"Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00468,"ranking_epss":0.64529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49686"],"published_time":"2025-07-08T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49687","summary":"Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49687"],"published_time":"2025-07-08T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49689","summary":"Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.54454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49689"],"published_time":"2025-07-08T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49690","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49690"],"published_time":"2025-07-08T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49682","summary":"Use after free in Windows Media allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.47791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49682"],"published_time":"2025-07-08T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49683","summary":"Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01063,"ranking_epss":0.77696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49683"],"published_time":"2025-07-08T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49684","summary":"Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00327,"ranking_epss":0.55671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49684"],"published_time":"2025-07-08T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49685","summary":"Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.3073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49685"],"published_time":"2025-07-08T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49678","summary":"Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49678"],"published_time":"2025-07-08T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49679","summary":"Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00523,"ranking_epss":0.66956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49679"],"published_time":"2025-07-08T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49680","summary":"Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49680"],"published_time":"2025-07-08T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49675","summary":"Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49675"],"published_time":"2025-07-08T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49667","summary":"Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00415,"ranking_epss":0.61717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49667"],"published_time":"2025-07-08T17:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49664","summary":"Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00607,"ranking_epss":0.69724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49664"],"published_time":"2025-07-08T17:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49665","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00267,"ranking_epss":0.50234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49665"],"published_time":"2025-07-08T17:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49658","summary":"Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00327,"ranking_epss":0.55671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49658"],"published_time":"2025-07-08T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49659","summary":"Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49659"],"published_time":"2025-07-08T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49660","summary":"Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49660"],"published_time":"2025-07-08T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-49661","summary":"Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49661"],"published_time":"2025-07-08T17:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48821","summary":"Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48821"],"published_time":"2025-07-08T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48822","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.39975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48822"],"published_time":"2025-07-08T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48823","summary":"Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.3168,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48823"],"published_time":"2025-07-08T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48818","summary":"Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00389,"ranking_epss":0.6003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48818"],"published_time":"2025-07-08T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48819","summary":"Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48819"],"published_time":"2025-07-08T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48820","summary":"Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00549,"ranking_epss":0.67968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48820"],"published_time":"2025-07-08T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48814","summary":"Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00921,"ranking_epss":0.76007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48814"],"published_time":"2025-07-08T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48815","summary":"Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00523,"ranking_epss":0.66956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48815"],"published_time":"2025-07-08T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48816","summary":"Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00473,"ranking_epss":0.64758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48816"],"published_time":"2025-07-08T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48817","summary":"Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00199,"ranking_epss":0.41985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48817"],"published_time":"2025-07-08T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48808","summary":"Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00607,"ranking_epss":0.69724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48808"],"published_time":"2025-07-08T17:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48811","summary":"Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48811"],"published_time":"2025-07-08T17:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48803","summary":"Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48803"],"published_time":"2025-07-08T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48804","summary":"Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00229,"ranking_epss":0.45689,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48804"],"published_time":"2025-07-08T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48805","summary":"Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48805"],"published_time":"2025-07-08T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48806","summary":"Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48806"],"published_time":"2025-07-08T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48001","summary":"Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00389,"ranking_epss":0.6003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48001"],"published_time":"2025-07-08T17:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48003","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00502,"ranking_epss":0.66097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48003"],"published_time":"2025-07-08T17:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48799","summary":"Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01674,"ranking_epss":0.82177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48799","https://www.vicarius.io/vsociety/posts/cve-2025-48799-detection-script-elevation-of-privilege-vulnerability-in-windows-update-service","https://www.vicarius.io/vsociety/posts/cve-2025-48799-mitigation-script-elevation-of-privilege-vulnerability-in-windows-update-service"],"published_time":"2025-07-08T17:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48800","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00502,"ranking_epss":0.66097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48800"],"published_time":"2025-07-08T17:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47996","summary":"Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00473,"ranking_epss":0.64758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47996"],"published_time":"2025-07-08T17:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47999","summary":"Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00403,"ranking_epss":0.60957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47999"],"published_time":"2025-07-08T17:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-48000","summary":"Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00267,"ranking_epss":0.50234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48000"],"published_time":"2025-07-08T17:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47987","summary":"Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00499,"ranking_epss":0.65973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47987"],"published_time":"2025-07-08T17:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47991","summary":"Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.3073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47991"],"published_time":"2025-07-08T17:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47982","summary":"Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00453,"ranking_epss":0.63823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47982"],"published_time":"2025-07-08T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47984","summary":"Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02428,"ranking_epss":0.8517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47984"],"published_time":"2025-07-08T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47985","summary":"Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47985"],"published_time":"2025-07-08T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47986","summary":"Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47986"],"published_time":"2025-07-08T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47980","summary":"Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00612,"ranking_epss":0.69872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47980"],"published_time":"2025-07-08T17:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47981","summary":"Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02038,"ranking_epss":0.83855,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47981","https://www.vicarius.io/vsociety/posts/cve-2025-47981-detection-script-heap-based-buffer-overflow-in-windows-spnego-extended-negotiation","https://www.vicarius.io/vsociety/posts/cve-2025-47981-mitigation-script-heap-based-buffer-overflow-in-windows-spnego-extended-negotiation"],"published_time":"2025-07-08T17:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47971","summary":"Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00247,"ranking_epss":0.48003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47971"],"published_time":"2025-07-08T17:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47972","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47972"],"published_time":"2025-07-08T17:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47973","summary":"Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00247,"ranking_epss":0.48003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47973"],"published_time":"2025-07-08T17:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47975","summary":"Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.3073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47975"],"published_time":"2025-07-08T17:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47976","summary":"Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47976"],"published_time":"2025-07-08T17:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47159","summary":"Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00468,"ranking_epss":0.64529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47159"],"published_time":"2025-07-08T17:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47955","summary":"Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00554,"ranking_epss":0.68125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47955"],"published_time":"2025-06-10T17:24:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47160","summary":"Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.01494,"ranking_epss":0.81114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47160"],"published_time":"2025-06-10T17:23:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33075","summary":"Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01168,"ranking_epss":0.7867,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075"],"published_time":"2025-06-10T17:23:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33073","summary":"Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.4924,"ranking_epss":0.9779,"kev":true,"propose_action":"Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073","https://www.vicarius.io/vsociety/posts/cve-2025-33073-detection-script-improper-access-control-in-windows-smb-affects-microsoft-products","https://www.vicarius.io/vsociety/posts/cve-2025-33073-mitigation-script-improper-access-control-in-windows-smb-affects-microsoft-products","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33073"],"published_time":"2025-06-10T17:23:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33070","summary":"Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00926,"ranking_epss":0.76083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070"],"published_time":"2025-06-10T17:22:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33067","summary":"Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.00864,"ranking_epss":0.75142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33067"],"published_time":"2025-06-10T17:22:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33066","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01338,"ranking_epss":0.8003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33066"],"published_time":"2025-06-10T17:22:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33065","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33065"],"published_time":"2025-06-10T17:22:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33064","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01988,"ranking_epss":0.83636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33064"],"published_time":"2025-06-10T17:22:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33063","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33063"],"published_time":"2025-06-10T17:22:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33062","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33062"],"published_time":"2025-06-10T17:22:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33061","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33061"],"published_time":"2025-06-10T17:22:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33060","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33060"],"published_time":"2025-06-10T17:22:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33059","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33059"],"published_time":"2025-06-10T17:22:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33058","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33058"],"published_time":"2025-06-10T17:22:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33057","summary":"Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.06983,"ranking_epss":0.91475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33057"],"published_time":"2025-06-10T17:22:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33056","summary":"Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03776,"ranking_epss":0.88067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33056"],"published_time":"2025-06-10T17:22:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33055","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33055"],"published_time":"2025-06-10T17:22:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33053","summary":"External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.50282,"ranking_epss":0.97849,"kev":true,"propose_action":"Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053","https://research.checkpoint.com/2025/stealth-falcon-zero-day/","https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org","https://www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/","https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast","https://www.theregister.com/2025/06/10/microsoft_patch_tuesday_june/","https://www.vicarius.io/vsociety/posts/cve-2025-33053-detection-script-remote-code-execution-vulnerability-in-microsoft-webdav","https://www.vicarius.io/vsociety/posts/cve-2025-33053-mitigation-script-remote-code-execution-vulnerability-in-microsoft-webdav","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33053"],"published_time":"2025-06-10T17:22:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-33052","summary":"Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01055,"ranking_epss":0.77627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33052"],"published_time":"2025-06-10T17:22:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32724","summary":"Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.46168,"ranking_epss":0.97651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32724"],"published_time":"2025-06-10T17:22:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32722","summary":"Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00601,"ranking_epss":0.69524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32722"],"published_time":"2025-06-10T17:22:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32721","summary":"Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00674,"ranking_epss":0.71448,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32721"],"published_time":"2025-06-10T17:22:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32720","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00738,"ranking_epss":0.72901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32720"],"published_time":"2025-06-10T17:22:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32719","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32719"],"published_time":"2025-06-10T17:22:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32718","summary":"Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01008,"ranking_epss":0.77114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32718"],"published_time":"2025-06-10T17:21:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32716","summary":"Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00736,"ranking_epss":0.72872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32716"],"published_time":"2025-06-10T17:21:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32715","summary":"Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02066,"ranking_epss":0.83954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32715"],"published_time":"2025-06-10T17:21:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32714","summary":"Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00635,"ranking_epss":0.70443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714"],"published_time":"2025-06-10T17:21:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32713","summary":"Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00736,"ranking_epss":0.72872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32713"],"published_time":"2025-06-10T17:21:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32712","summary":"Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00736,"ranking_epss":0.72872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32712"],"published_time":"2025-06-10T17:21:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24069","summary":"Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24069"],"published_time":"2025-06-10T17:21:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24068","summary":"Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24068"],"published_time":"2025-06-10T17:21:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-47827","summary":"In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.01402,"ranking_epss":0.80458,"kev":true,"propose_action":"IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.","ransomware_campaign":"Unknown","references":["https://github.com/Zedeldi/CVE-2025-47827","https://github.com/Zedeldi/igelfs","https://github.com/Zedeldi/CVE-2025-47827","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47827"],"published_time":"2025-06-05T14:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32709","summary":"Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00584,"ranking_epss":0.69064,"kev":true,"propose_action":"Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32709"],"published_time":"2025-05-13T17:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32706","summary":"Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.013,"ranking_epss":0.79751,"kev":true,"propose_action":"Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706","https://www.vicarius.io/vsociety/posts/cve-2025-32706-detection-script-elevation-of-privilege-vulnerability-in-microsoft-windows-common-log-file-system-driver","https://www.vicarius.io/vsociety/posts/cve-2025-32706-mitigation-script-elevation-of-privilege-vulnerability-in-microsoft-windows-common-log-file-system-driver","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32706"],"published_time":"2025-05-13T17:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30397","summary":"Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.21265,"ranking_epss":0.95692,"kev":true,"propose_action":"Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397","https://www.vicarius.io/vsociety/posts/cve-2025-30397-type-confusion-vulnerability-in-microsoft-scripting-engine-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-30397-type-confusion-vulnerability-in-microsoft-scripting-engine-mitigation-script","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30397"],"published_time":"2025-05-13T17:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30400","summary":"Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00752,"ranking_epss":0.73242,"kev":true,"propose_action":"Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30400","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30400"],"published_time":"2025-05-13T17:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-32701","summary":"Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01544,"ranking_epss":0.81427,"kev":true,"propose_action":"Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32701"],"published_time":"2025-05-13T17:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30385","summary":"Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0082,"ranking_epss":0.74429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30385"],"published_time":"2025-05-13T17:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30388","summary":"Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00818,"ranking_epss":0.74408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30388"],"published_time":"2025-05-13T17:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29974","summary":"Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.01098,"ranking_epss":0.7805,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29974"],"published_time":"2025-05-13T17:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29966","summary":"Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02619,"ranking_epss":0.85685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29966"],"published_time":"2025-05-13T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29967","summary":"Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02619,"ranking_epss":0.85685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29967"],"published_time":"2025-05-13T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29969","summary":"Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0034,"ranking_epss":0.5677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29969"],"published_time":"2025-05-13T17:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29959","summary":"Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0464,"ranking_epss":0.89303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29959"],"published_time":"2025-05-13T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29960","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02343,"ranking_epss":0.84898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29960"],"published_time":"2025-05-13T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29961","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02343,"ranking_epss":0.84898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29961"],"published_time":"2025-05-13T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29962","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01674,"ranking_epss":0.82184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29962"],"published_time":"2025-05-13T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29963","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01543,"ranking_epss":0.81417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29963"],"published_time":"2025-05-13T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29964","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01543,"ranking_epss":0.81417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29964"],"published_time":"2025-05-13T17:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29842","summary":"Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00206,"ranking_epss":0.43037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29842"],"published_time":"2025-05-13T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29954","summary":"Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00608,"ranking_epss":0.69756,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954"],"published_time":"2025-05-13T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29956","summary":"Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00453,"ranking_epss":0.638,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29956"],"published_time":"2025-05-13T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29957","summary":"Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.01067,"ranking_epss":0.77743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29957"],"published_time":"2025-05-13T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29958","summary":"Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0464,"ranking_epss":0.89303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29958"],"published_time":"2025-05-13T17:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29836","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01738,"ranking_epss":0.82527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29836"],"published_time":"2025-05-13T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29837","summary":"Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01404,"ranking_epss":0.80478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29837"],"published_time":"2025-05-13T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29839","summary":"Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.01007,"ranking_epss":0.77094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29839"],"published_time":"2025-05-13T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29840","summary":"Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01141,"ranking_epss":0.78447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29840"],"published_time":"2025-05-13T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29841","summary":"Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00251,"ranking_epss":0.48477,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29841"],"published_time":"2025-05-13T17:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29830","summary":"Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.03471,"ranking_epss":0.87563,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29830"],"published_time":"2025-05-13T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29832","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01738,"ranking_epss":0.82527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29832"],"published_time":"2025-05-13T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29833","summary":"Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00304,"ranking_epss":0.53697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29833"],"published_time":"2025-05-13T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29835","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01729,"ranking_epss":0.82483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29835"],"published_time":"2025-05-13T17:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27468","summary":"Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46532,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27468"],"published_time":"2025-05-13T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27488","summary":"Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00958,"ranking_epss":0.76497,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27488"],"published_time":"2025-05-13T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29829","summary":"Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0096,"ranking_epss":0.76521,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29829"],"published_time":"2025-05-13T17:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24063","summary":"Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00939,"ranking_epss":0.76261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24063"],"published_time":"2025-05-13T17:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29824","summary":"Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00392,"ranking_epss":0.60238,"kev":true,"propose_action":"Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.","ransomware_campaign":"Known","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824","https://www.vicarius.io/vsociety/posts/cve-2025-29824-windows-common-log-file-system-driver-elevation-of-privilege-vulnerability-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-29824-windows-common-log-file-system-driver-elevation-of-privilege-vulnerability-mitigation-script","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29824"],"published_time":"2025-04-08T18:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29809","summary":"Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.01277,"ranking_epss":0.79583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29809"],"published_time":"2025-04-08T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-29810","summary":"Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29810"],"published_time":"2025-04-08T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27742","summary":"Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27742"],"published_time":"2025-04-08T18:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27737","summary":"Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00834,"ranking_epss":0.74644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27737"],"published_time":"2025-04-08T18:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27738","summary":"Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0321,"ranking_epss":0.87046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27738"],"published_time":"2025-04-08T18:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27739","summary":"Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27739"],"published_time":"2025-04-08T18:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27731","summary":"Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0083,"ranking_epss":0.74567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27731"],"published_time":"2025-04-08T18:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27732","summary":"Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00191,"ranking_epss":0.4109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27732"],"published_time":"2025-04-08T18:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27735","summary":"Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"cvss_v4":null,"epss":0.00467,"ranking_epss":0.6449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27735"],"published_time":"2025-04-08T18:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27736","summary":"Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00822,"ranking_epss":0.74457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27736"],"published_time":"2025-04-08T18:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27491","summary":"Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00449,"ranking_epss":0.63629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27491"],"published_time":"2025-04-08T18:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27727","summary":"Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01099,"ranking_epss":0.7806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27727"],"published_time":"2025-04-08T18:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27729","summary":"Use after free in Windows Shell allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00742,"ranking_epss":0.73011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27729"],"published_time":"2025-04-08T18:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27730","summary":"Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27730"],"published_time":"2025-04-08T18:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27484","summary":"Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27484"],"published_time":"2025-04-08T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27487","summary":"Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00723,"ranking_epss":0.72571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27487"],"published_time":"2025-04-08T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27490","summary":"Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27490"],"published_time":"2025-04-08T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27478","summary":"Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.39954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27478"],"published_time":"2025-04-08T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27481","summary":"Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01103,"ranking_epss":0.78102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27481"],"published_time":"2025-04-08T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27473","summary":"Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.42371,"ranking_epss":0.97466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27473"],"published_time":"2025-04-08T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27476","summary":"Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27476"],"published_time":"2025-04-08T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27477","summary":"Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03513,"ranking_epss":0.87644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27477"],"published_time":"2025-04-08T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27467","summary":"Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27467"],"published_time":"2025-04-08T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27469","summary":"Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.42371,"ranking_epss":0.97466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27469"],"published_time":"2025-04-08T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27471","summary":"Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00501,"ranking_epss":0.66031,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27471"],"published_time":"2025-04-08T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26686","summary":"Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26686"],"published_time":"2025-04-08T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26687","summary":"Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00463,"ranking_epss":0.64285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26687"],"published_time":"2025-04-08T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26688","summary":"Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26688"],"published_time":"2025-04-08T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26678","summary":"Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.00602,"ranking_epss":0.69542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26678"],"published_time":"2025-04-08T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26679","summary":"Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26679"],"published_time":"2025-04-08T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26681","summary":"Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00262,"ranking_epss":0.49612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26681"],"published_time":"2025-04-08T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26672","summary":"Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.03036,"ranking_epss":0.86687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26672"],"published_time":"2025-04-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26673","summary":"Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.44121,"ranking_epss":0.97555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26673"],"published_time":"2025-04-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26674","summary":"Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00793,"ranking_epss":0.73968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26674"],"published_time":"2025-04-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26675","summary":"Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26675"],"published_time":"2025-04-08T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26668","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00463,"ranking_epss":0.64285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26668"],"published_time":"2025-04-08T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26669","summary":"Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01491,"ranking_epss":0.81098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26669"],"published_time":"2025-04-08T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26670","summary":"Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.0057,"ranking_epss":0.6866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26670"],"published_time":"2025-04-08T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26663","summary":"Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00553,"ranking_epss":0.6808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26663"],"published_time":"2025-04-08T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26665","summary":"Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00191,"ranking_epss":0.4109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26665"],"published_time":"2025-04-08T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26666","summary":"Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00793,"ranking_epss":0.73968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26666"],"published_time":"2025-04-08T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26644","summary":"Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"cvss_v4":null,"epss":0.0032,"ranking_epss":0.55098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26644"],"published_time":"2025-04-08T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26648","summary":"Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00537,"ranking_epss":0.67559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26648"],"published_time":"2025-04-08T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26635","summary":"Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00977,"ranking_epss":0.76751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26635"],"published_time":"2025-04-08T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26639","summary":"Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01284,"ranking_epss":0.79637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26639"],"published_time":"2025-04-08T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26640","summary":"Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.39954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26640"],"published_time":"2025-04-08T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26641","summary":"Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.42371,"ranking_epss":0.97466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26641"],"published_time":"2025-04-08T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24058","summary":"Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00939,"ranking_epss":0.76261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24058"],"published_time":"2025-04-08T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24060","summary":"Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00939,"ranking_epss":0.76261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24060"],"published_time":"2025-04-08T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24062","summary":"Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00939,"ranking_epss":0.76261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24062"],"published_time":"2025-04-08T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24073","summary":"Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00939,"ranking_epss":0.76261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24073"],"published_time":"2025-04-08T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24074","summary":"Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00939,"ranking_epss":0.76261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24074"],"published_time":"2025-04-08T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21197","summary":"Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02389,"ranking_epss":0.85042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21197"],"published_time":"2025-04-08T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21204","summary":"Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.07251,"ranking_epss":0.91647,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204","https://www.vicarius.io/vsociety/posts/cve-2025-21204-privilege-elevation-vulnerability-in-microsoft-windows-update-stack-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-21204-privilege-elevation-vulnerability-in-microsoft-windows-update-stack-mitigation-script"],"published_time":"2025-04-08T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21205","summary":"Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01103,"ranking_epss":0.78102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21205"],"published_time":"2025-04-08T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21221","summary":"Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01103,"ranking_epss":0.78102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21221"],"published_time":"2025-04-08T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21222","summary":"Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01103,"ranking_epss":0.78102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21222"],"published_time":"2025-04-08T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21191","summary":"Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00191,"ranking_epss":0.4109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21191"],"published_time":"2025-04-08T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26645","summary":"Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00311,"ranking_epss":0.54265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26645"],"published_time":"2025-03-11T17:16:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26633","summary":"Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.19604,"ranking_epss":0.95427,"kev":true,"propose_action":"Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.","ransomware_campaign":"Known","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633","https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-mitigation-script","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26633"],"published_time":"2025-03-11T17:16:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-26634","summary":"Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00406,"ranking_epss":0.61146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26634"],"published_time":"2025-03-11T17:16:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24997","summary":"Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24997"],"published_time":"2025-03-11T17:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24995","summary":"Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.4424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24995"],"published_time":"2025-03-11T17:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24996","summary":"External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996"],"published_time":"2025-03-11T17:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24988","summary":"Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0036,"ranking_epss":0.58236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988"],"published_time":"2025-03-11T17:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24991","summary":"Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00525,"ranking_epss":0.67022,"kev":true,"propose_action":"Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24991"],"published_time":"2025-03-11T17:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24992","summary":"Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992"],"published_time":"2025-03-11T17:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24993","summary":"Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00806,"ranking_epss":0.74212,"kev":true,"propose_action":"Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24993"],"published_time":"2025-03-11T17:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24984","summary":"Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.04449,"ranking_epss":0.89075,"kev":true,"propose_action":"Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24984"],"published_time":"2025-03-11T17:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24985","summary":"Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00711,"ranking_epss":0.72301,"kev":true,"propose_action":"Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24985","https://www.vicarius.io/vsociety/posts/cve-2025-24985-integer-overflow-vulnerability-in-microsoft-windows-fast-fat-driver-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-24985-integer-overflow-vulnerability-in-microsoft-windows-fast-fat-driver-mitigation-script","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24985"],"published_time":"2025-03-11T17:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24987","summary":"Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0036,"ranking_epss":0.58236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24987"],"published_time":"2025-03-11T17:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24072","summary":"Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24072"],"published_time":"2025-03-11T17:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24066","summary":"Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.4424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24066"],"published_time":"2025-03-11T17:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24067","summary":"Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.4424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24067"],"published_time":"2025-03-11T17:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24056","summary":"Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00491,"ranking_epss":0.65637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24056"],"published_time":"2025-03-11T17:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24059","summary":"Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00283,"ranking_epss":0.51742,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24059"],"published_time":"2025-03-11T17:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24061","summary":"Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00396,"ranking_epss":0.60495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24061"],"published_time":"2025-03-11T17:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24050","summary":"Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24050"],"published_time":"2025-03-11T17:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24051","summary":"Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66678,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24051"],"published_time":"2025-03-11T17:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24054","summary":"External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.11927,"ranking_epss":0.93778,"kev":true,"propose_action":"Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054","http://seclists.org/fulldisclosure/2025/Apr/28","https://www.exploit-db.com/exploits/52478","https://www.exploit-db.com/exploits/52480","https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoofing-vulnerability-in-windows-ntlm-by-microsoft-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoofing-vulnerability-in-windows-ntlm-by-microsoft-mitigation-script","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24054"],"published_time":"2025-03-11T17:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24055","summary":"Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00276,"ranking_epss":0.51109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24055"],"published_time":"2025-03-11T17:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24044","summary":"Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.4424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24044"],"published_time":"2025-03-11T17:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24046","summary":"Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24046"],"published_time":"2025-03-11T17:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24048","summary":"Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24048"],"published_time":"2025-03-11T17:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24035","summary":"Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00478,"ranking_epss":0.65039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24035"],"published_time":"2025-03-11T17:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21247","summary":"Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0053,"ranking_epss":0.6728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21247"],"published_time":"2025-03-11T17:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21180","summary":"Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21180"],"published_time":"2025-03-11T17:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21418","summary":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.1327,"ranking_epss":0.9418,"kev":true,"propose_action":"Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21418"],"published_time":"2025-02-11T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21419","summary":"Windows Setup Files Cleanup Elevation of Privilege Vulnerability","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00205,"ranking_epss":0.42702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21419"],"published_time":"2025-02-11T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21420","summary":"Windows Disk Cleanup Tool Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.4147,"ranking_epss":0.97415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21420"],"published_time":"2025-02-11T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21407","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21407"],"published_time":"2025-02-11T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21414","summary":"Windows Core Messaging Elevation of Privileges Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.1867,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21414"],"published_time":"2025-02-11T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21406","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21406"],"published_time":"2025-02-11T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21391","summary":"Windows Storage Elevation of Privilege Vulnerability","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.05443,"ranking_epss":0.90196,"kev":true,"propose_action":"Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21391"],"published_time":"2025-02-11T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21376","summary":"Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.01292,"ranking_epss":0.79697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21376"],"published_time":"2025-02-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21377","summary":"NTLM Hash Disclosure Spoofing Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.03798,"ranking_epss":0.88096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21377"],"published_time":"2025-02-11T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21368","summary":"Microsoft Digest Authentication Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00307,"ranking_epss":0.53928,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21368"],"published_time":"2025-02-11T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21369","summary":"Microsoft Digest Authentication Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00335,"ranking_epss":0.56384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21369"],"published_time":"2025-02-11T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21371","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.45828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21371","https://www.vicarius.io/vsociety/posts/windows-telephony-service-remote-code-execution-vulnerability-detection-script","https://www.vicarius.io/vsociety/posts/windows-telephony-service-remote-code-execution-vulnerability-mitigation-script"],"published_time":"2025-02-11T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21373","summary":"Windows Installer Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00163,"ranking_epss":0.37191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373"],"published_time":"2025-02-11T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21375","summary":"Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00163,"ranking_epss":0.37211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21375"],"published_time":"2025-02-11T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21351","summary":"Windows Active Directory Domain Services API Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.10245,"ranking_epss":0.93171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21351"],"published_time":"2025-02-11T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21352","summary":"Internet Connection Sharing (ICS) Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00451,"ranking_epss":0.63726,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21352"],"published_time":"2025-02-11T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21358","summary":"Windows Core Messaging Elevation of Privileges Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21358"],"published_time":"2025-02-11T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21359","summary":"Windows Kernel Security Feature Bypass Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21359"],"published_time":"2025-02-11T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21367","summary":"Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21367"],"published_time":"2025-02-11T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21337","summary":"Windows NTFS Elevation of Privilege Vulnerability","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21337"],"published_time":"2025-02-11T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21347","summary":"Windows Deployment Services Denial of Service Vulnerability","cvss":6.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.0,"cvss_v4":null,"epss":0.0028,"ranking_epss":0.51482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21347"],"published_time":"2025-02-11T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21349","summary":"Windows Remote Desktop Configuration Service Tampering Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00155,"ranking_epss":0.36252,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21349"],"published_time":"2025-02-11T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21350","summary":"Windows Kerberos Denial of Service Vulnerability","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.02127,"ranking_epss":0.84184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21350"],"published_time":"2025-02-11T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21216","summary":"Internet Connection Sharing (ICS) Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21216"],"published_time":"2025-02-11T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21254","summary":"Internet Connection Sharing (ICS) Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21254"],"published_time":"2025-02-11T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21200","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21200"],"published_time":"2025-02-11T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21201","summary":"Windows Telephony Server Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21201"],"published_time":"2025-02-11T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21212","summary":"Internet Connection Sharing (ICS) Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21212"],"published_time":"2025-02-11T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21184","summary":"Windows Core Messaging Elevation of Privileges Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.1867,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21184"],"published_time":"2025-02-11T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21190","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21190"],"published_time":"2025-02-11T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21181","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.13583,"ranking_epss":0.94254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21181","https://www.vicarius.io/vsociety/posts/cve-2025-21181-denial-of-service-vulnerability-in-microsoft-message-queuing-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-21181-denial-of-service-vulnerability-in-microsoft-message-queuing-mitigation-script"],"published_time":"2025-02-11T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21325","summary":"Windows Secure Kernel Mode Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00895,"ranking_epss":0.75641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21325"],"published_time":"2025-01-17T01:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21413","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06103,"ranking_epss":0.90806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21413"],"published_time":"2025-01-14T18:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21417","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06103,"ranking_epss":0.90806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21417"],"published_time":"2025-01-14T18:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21409","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06103,"ranking_epss":0.90806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21409"],"published_time":"2025-01-14T18:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21411","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06103,"ranking_epss":0.90806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21411"],"published_time":"2025-01-14T18:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21374","summary":"Windows CSC Service Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21374"],"published_time":"2025-01-14T18:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21378","summary":"Windows CSC Service Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00463,"ranking_epss":0.64333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21378"],"published_time":"2025-01-14T18:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21382","summary":"Windows Graphics Component Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01847,"ranking_epss":0.83018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21382"],"published_time":"2025-01-14T18:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21389","summary":"Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02393,"ranking_epss":0.8506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21389"],"published_time":"2025-01-14T18:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21336","summary":"Windows Cryptographic Information Disclosure Vulnerability","cvss":5.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.6,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21336"],"published_time":"2025-01-14T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21338","summary":"GDI+ Remote Code Execution Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00532,"ranking_epss":0.67364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21338"],"published_time":"2025-01-14T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21339","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06103,"ranking_epss":0.90806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21339"],"published_time":"2025-01-14T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21340","summary":"Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21340"],"published_time":"2025-01-14T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21341","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21341"],"published_time":"2025-01-14T18:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21331","summary":"Windows Installer Elevation of Privilege Vulnerability","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00451,"ranking_epss":0.63741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331"],"published_time":"2025-01-14T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21332","summary":"MapUrlToZone Security Feature Bypass Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21332"],"published_time":"2025-01-14T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21333","summary":"Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.81336,"ranking_epss":0.99171,"kev":true,"propose_action":"Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333","https://www.exploit-db.com/exploits/52436","https://www.vicarius.io/vsociety/posts/cve-2025-21333-elevated-privilege-exposure-in-windows-hyper-v-by-microsoft-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-21333-elevated-privilege-exposure-in-windows-hyper-v-by-microsoft-mitigation-script","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21333"],"published_time":"2025-01-14T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21334","summary":"Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.06635,"ranking_epss":0.91218,"kev":true,"propose_action":"Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21334"],"published_time":"2025-01-14T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21335","summary":"Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.08716,"ranking_epss":0.92502,"kev":true,"propose_action":"Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21335"],"published_time":"2025-01-14T18:15:58","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21327","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21327"],"published_time":"2025-01-14T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21328","summary":"MapUrlToZone Security Feature Bypass Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21328"],"published_time":"2025-01-14T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21329","summary":"MapUrlToZone Security Feature Bypass Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21329"],"published_time":"2025-01-14T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21330","summary":"Windows Remote Desktop Services Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21330"],"published_time":"2025-01-14T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21319","summary":"Windows Kernel Memory Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21319"],"published_time":"2025-01-14T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21320","summary":"Windows Kernel Memory Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21320"],"published_time":"2025-01-14T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21321","summary":"Windows Kernel Memory Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21321"],"published_time":"2025-01-14T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21323","summary":"Windows Kernel Memory Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21323"],"published_time":"2025-01-14T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21324","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21324"],"published_time":"2025-01-14T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21314","summary":"Windows SmartScreen Spoofing Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00298,"ranking_epss":0.53192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21314"],"published_time":"2025-01-14T18:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21316","summary":"Windows Kernel Memory Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0024,"ranking_epss":0.47101,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21316"],"published_time":"2025-01-14T18:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21317","summary":"Windows Kernel Memory Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21317"],"published_time":"2025-01-14T18:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21318","summary":"Windows Kernel Memory Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21318"],"published_time":"2025-01-14T18:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21308","summary":"Windows Themes Spoofing Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00675,"ranking_epss":0.71482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21308"],"published_time":"2025-01-14T18:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21310","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21310"],"published_time":"2025-01-14T18:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21312","summary":"Windows Smart Card Reader Information Disclosure Vulnerability","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00198,"ranking_epss":0.41843,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21312"],"published_time":"2025-01-14T18:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21303","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01224,"ranking_epss":0.79138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21303"],"published_time":"2025-01-14T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21304","summary":"Microsoft DWM Core Library Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21304"],"published_time":"2025-01-14T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21305","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01224,"ranking_epss":0.79138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21305"],"published_time":"2025-01-14T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21306","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01654,"ranking_epss":0.82071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21306"],"published_time":"2025-01-14T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21307","summary":"Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.1077,"ranking_epss":0.93364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21307"],"published_time":"2025-01-14T18:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21298","summary":"Windows OLE Remote Code Execution Vulnerability","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.72219,"ranking_epss":0.98757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21298"],"published_time":"2025-01-14T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21299","summary":"Windows Kerberos Security Feature Bypass Vulnerability","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00639,"ranking_epss":0.70576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21299"],"published_time":"2025-01-14T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21300","summary":"Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21300"],"published_time":"2025-01-14T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21301","summary":"Windows Geolocation Service Information Disclosure Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00476,"ranking_epss":0.6494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21301"],"published_time":"2025-01-14T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21302","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01224,"ranking_epss":0.79138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21302"],"published_time":"2025-01-14T18:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21293","summary":"Active Directory Domain Services Elevation of Privilege Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.75829,"ranking_epss":0.98912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21293"],"published_time":"2025-01-14T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21294","summary":"Microsoft Digest Authentication Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.01892,"ranking_epss":0.83231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21294"],"published_time":"2025-01-14T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21295","summary":"SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.0171,"ranking_epss":0.82369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21295"],"published_time":"2025-01-14T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21296","summary":"BranchCache Remote Code Execution Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00283,"ranking_epss":0.51772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21296"],"published_time":"2025-01-14T18:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21288","summary":"Windows COM Server Information Disclosure Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21288"],"published_time":"2025-01-14T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21289","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21289"],"published_time":"2025-01-14T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21290","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21290"],"published_time":"2025-01-14T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21291","summary":"Windows Direct Show Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01654,"ranking_epss":0.82071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21291"],"published_time":"2025-01-14T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21292","summary":"Windows Search Service Elevation of Privilege Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00545,"ranking_epss":0.67846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21292"],"published_time":"2025-01-14T18:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21282","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01654,"ranking_epss":0.82071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21282"],"published_time":"2025-01-14T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21284","summary":"Windows Virtual Trusted Platform Module Denial of Service Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21284"],"published_time":"2025-01-14T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21285","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.38795,"ranking_epss":0.97267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21285"],"published_time":"2025-01-14T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21286","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03318,"ranking_epss":0.87284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21286"],"published_time":"2025-01-14T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21287","summary":"Windows Installer Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21287"],"published_time":"2025-01-14T18:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21276","summary":"Windows MapUrlToZone Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.06777,"ranking_epss":0.91332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21276"],"published_time":"2025-01-14T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21277","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.30331,"ranking_epss":0.967,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21277"],"published_time":"2025-01-14T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21278","summary":"Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21278"],"published_time":"2025-01-14T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21280","summary":"Windows Virtual Trusted Platform Module Denial of Service Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21280"],"published_time":"2025-01-14T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21281","summary":"Microsoft COM for Windows Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21281"],"published_time":"2025-01-14T18:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21273","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01654,"ranking_epss":0.82071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21273"],"published_time":"2025-01-14T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21274","summary":"Windows Event Tracing Denial of Service Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33435,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21274"],"published_time":"2025-01-14T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21275","summary":"Windows App Package Installer Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00159,"ranking_epss":0.36779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275"],"published_time":"2025-01-14T18:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21268","summary":"MapUrlToZone Security Feature Bypass Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00212,"ranking_epss":0.43808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21268"],"published_time":"2025-01-14T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21269","summary":"Windows HTML Platforms Security Feature Bypass Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00171,"ranking_epss":0.38416,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21269"],"published_time":"2025-01-14T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21270","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21270"],"published_time":"2025-01-14T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21271","summary":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21271"],"published_time":"2025-01-14T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21272","summary":"Windows COM Server Information Disclosure Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21272"],"published_time":"2025-01-14T18:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21261","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00188,"ranking_epss":0.40638,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21261"],"published_time":"2025-01-14T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21263","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21263"],"published_time":"2025-01-14T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21265","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21265"],"published_time":"2025-01-14T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21266","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01654,"ranking_epss":0.82071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21266"],"published_time":"2025-01-14T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21258","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21258"],"published_time":"2025-01-14T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21260","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21260"],"published_time":"2025-01-14T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21252","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01654,"ranking_epss":0.82071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21252"],"published_time":"2025-01-14T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21255","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21255"],"published_time":"2025-01-14T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21256","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21256"],"published_time":"2025-01-14T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21257","summary":"Windows WLAN AutoConfig Service Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21257"],"published_time":"2025-01-14T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21248","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21248"],"published_time":"2025-01-14T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21249","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21249"],"published_time":"2025-01-14T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21250","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00904,"ranking_epss":0.75757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21250"],"published_time":"2025-01-14T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21251","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21251"],"published_time":"2025-01-14T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21245","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21245"],"published_time":"2025-01-14T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21246","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21246"],"published_time":"2025-01-14T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21243","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00718,"ranking_epss":0.72495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21243"],"published_time":"2025-01-14T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21244","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00718,"ranking_epss":0.72495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21244"],"published_time":"2025-01-14T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21241","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00904,"ranking_epss":0.75757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21241"],"published_time":"2025-01-14T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21242","summary":"Windows Kerberos Information Disclosure Vulnerability","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00249,"ranking_epss":0.48212,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21242"],"published_time":"2025-01-14T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21239","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21239"],"published_time":"2025-01-14T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21240","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00904,"ranking_epss":0.75757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21240"],"published_time":"2025-01-14T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21238","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21238"],"published_time":"2025-01-14T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21234","summary":"Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00414,"ranking_epss":0.61653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21234"],"published_time":"2025-01-14T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21235","summary":"Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21235"],"published_time":"2025-01-14T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21236","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21236"],"published_time":"2025-01-14T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21237","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21237"],"published_time":"2025-01-14T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21229","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21229"],"published_time":"2025-01-14T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21230","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21230"],"published_time":"2025-01-14T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21231","summary":"IP Helper Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01314,"ranking_epss":0.79866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21231"],"published_time":"2025-01-14T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21232","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21232"],"published_time":"2025-01-14T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21233","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21233"],"published_time":"2025-01-14T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21224","summary":"Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21224","https://www.vicarius.io/vsociety/posts/cve-2025-21224-remote-code-execution-vulnerability-in-windows-line-printer-daemon-service-detection-script","https://www.vicarius.io/vsociety/posts/cve-2025-21224-remote-code-execution-vulnerability-in-windows-line-printer-daemon-service-mitigation-script"],"published_time":"2025-01-14T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21226","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21226"],"published_time":"2025-01-14T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21227","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21227"],"published_time":"2025-01-14T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21228","summary":"Windows Digital Media Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21228"],"published_time":"2025-01-14T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21217","summary":"Windows NTLM Spoofing Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00575,"ranking_epss":0.68818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21217"],"published_time":"2025-01-14T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21219","summary":"MapUrlToZone Security Feature Bypass Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21219"],"published_time":"2025-01-14T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21220","summary":"Microsoft Message Queuing Information Disclosure Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01,"ranking_epss":0.77024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21220"],"published_time":"2025-01-14T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21223","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.71314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21223"],"published_time":"2025-01-14T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21207","summary":"Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00831,"ranking_epss":0.74597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21207"],"published_time":"2025-01-14T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21210","summary":"Windows BitLocker Information Disclosure Vulnerability","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.46021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21210"],"published_time":"2025-01-14T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21211","summary":"Secure Boot Security Feature Bypass Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00242,"ranking_epss":0.47508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21211"],"published_time":"2025-01-14T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21213","summary":"Secure Boot Security Feature Bypass Vulnerability","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21213"],"published_time":"2025-01-14T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21214","summary":"Windows BitLocker Information Disclosure Vulnerability","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21214"],"published_time":"2025-01-14T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21215","summary":"Secure Boot Security Feature Bypass Vulnerability","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40855,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21215"],"published_time":"2025-01-14T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21189","summary":"MapUrlToZone Security Feature Bypass Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00288,"ranking_epss":0.5235,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21189"],"published_time":"2025-01-14T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21202","summary":"Windows Recovery Environment Agent Elevation of Privilege Vulnerability","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21202"],"published_time":"2025-01-14T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-21176","summary":".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01411,"ranking_epss":0.80533,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176","https://www.herodevs.com/vulnerability-directory/cve-2025-21176"],"published_time":"2025-01-14T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49132","summary":"Windows Remote Desktop Services Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00346,"ranking_epss":0.57213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49132"],"published_time":"2024-12-12T02:04:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49138","summary":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.84831,"ranking_epss":0.99347,"kev":true,"propose_action":"Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138","https://packetstorm.news/files/id/190585/","https://www.exploit-db.com/exploits/52270","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-49138"],"published_time":"2024-12-12T02:04:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49123","summary":"Windows Remote Desktop Services Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00362,"ranking_epss":0.58383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49123"],"published_time":"2024-12-12T02:04:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49124","summary":"Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49124"],"published_time":"2024-12-12T02:04:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49126","summary":"Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.0054,"ranking_epss":0.67667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49126"],"published_time":"2024-12-12T02:04:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49127","summary":"Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.0054,"ranking_epss":0.67667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127"],"published_time":"2024-12-12T02:04:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49118","summary":"Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00309,"ranking_epss":0.54097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49118"],"published_time":"2024-12-12T02:04:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49121","summary":"Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.16507,"ranking_epss":0.94915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49121"],"published_time":"2024-12-12T02:04:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49122","summary":"Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.022,"ranking_epss":0.84444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49122"],"published_time":"2024-12-12T02:04:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49109","summary":"Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00358,"ranking_epss":0.58085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49109"],"published_time":"2024-12-12T02:04:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49110","summary":"Windows Mobile Broadband Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00212,"ranking_epss":0.43813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49110"],"published_time":"2024-12-12T02:04:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49111","summary":"Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00407,"ranking_epss":0.61198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49111"],"published_time":"2024-12-12T02:04:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49112","summary":"Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.81638,"ranking_epss":0.99189,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112"],"published_time":"2024-12-12T02:04:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49113","summary":"Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.88639,"ranking_epss":0.99512,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113"],"published_time":"2024-12-12T02:04:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49114","summary":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00436,"ranking_epss":0.63066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114"],"published_time":"2024-12-12T02:04:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49103","summary":"Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0055,"ranking_epss":0.68008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49103"],"published_time":"2024-12-12T02:04:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49104","summary":"Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0536,"ranking_epss":0.901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49104"],"published_time":"2024-12-12T02:04:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49105","summary":"Remote Desktop Client Remote Code Execution Vulnerability","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.01448,"ranking_epss":0.80791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49105"],"published_time":"2024-12-12T02:04:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49107","summary":"WmsRepair Service Elevation of Privilege Vulnerability","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00722,"ranking_epss":0.7256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49107"],"published_time":"2024-12-12T02:04:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49095","summary":"Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49095"],"published_time":"2024-12-12T02:04:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49096","summary":"Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.05732,"ranking_epss":0.90459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49096"],"published_time":"2024-12-12T02:04:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49097","summary":"Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49097"],"published_time":"2024-12-12T02:04:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49098","summary":"Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.5118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098"],"published_time":"2024-12-12T02:04:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49099","summary":"Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.5118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49099"],"published_time":"2024-12-12T02:04:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49101","summary":"Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00358,"ranking_epss":0.58085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49101"],"published_time":"2024-12-12T02:04:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49102","summary":"Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.04123,"ranking_epss":0.88644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49102"],"published_time":"2024-12-12T02:04:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49089","summary":"Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.0269,"ranking_epss":0.85886,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49089"],"published_time":"2024-12-12T02:04:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49090","summary":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00262,"ranking_epss":0.49601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49090"],"published_time":"2024-12-12T02:04:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49092","summary":"Windows Mobile Broadband Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.5711,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49092"],"published_time":"2024-12-12T02:04:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49094","summary":"Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00358,"ranking_epss":0.58085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49094"],"published_time":"2024-12-12T02:04:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49084","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31777,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49084"],"published_time":"2024-12-12T02:04:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49087","summary":"Windows Mobile Broadband Driver Information Disclosure Vulnerability","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49087"],"published_time":"2024-12-12T02:04:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49088","summary":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00262,"ranking_epss":0.49601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088"],"published_time":"2024-12-12T02:04:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49078","summary":"Windows Mobile Broadband Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00799,"ranking_epss":0.7408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49078"],"published_time":"2024-12-12T02:04:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49079","summary":"Input Method Editor (IME) Remote Code Execution Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00545,"ranking_epss":0.67842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49079"],"published_time":"2024-12-12T02:04:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49080","summary":"Windows IP Routing Management Snapin Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06607,"ranking_epss":0.91199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49080"],"published_time":"2024-12-12T02:04:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49081","summary":"Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00392,"ranking_epss":0.60253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49081"],"published_time":"2024-12-12T02:04:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49082","summary":"Windows File Explorer Information Disclosure Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29322,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082"],"published_time":"2024-12-12T02:04:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49083","summary":"Windows Mobile Broadband Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00377,"ranking_epss":0.5931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49083"],"published_time":"2024-12-12T02:04:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49072","summary":"Windows Task Scheduler Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0022,"ranking_epss":0.44717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49072"],"published_time":"2024-12-12T02:04:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49073","summary":"Windows Mobile Broadband Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49073"],"published_time":"2024-12-12T02:04:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49074","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.3074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49074"],"published_time":"2024-12-12T02:04:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49075","summary":"Windows Remote Desktop Services Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01373,"ranking_epss":0.80265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49075"],"published_time":"2024-12-12T02:04:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49076","summary":"Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34398,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49076"],"published_time":"2024-12-12T02:04:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49077","summary":"Windows Mobile Broadband Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.6966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49077"],"published_time":"2024-12-12T02:04:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49046","summary":"Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.47867,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49046"],"published_time":"2024-11-12T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-49039","summary":"Windows Task Scheduler Elevation of Privilege Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.63673,"ranking_epss":0.98422,"kev":true,"propose_action":"Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.","ransomware_campaign":"Known","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-49039"],"published_time":"2024-11-12T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43646","summary":"Windows Secure Kernel Mode Elevation of Privilege Vulnerability","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43646"],"published_time":"2024-11-12T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43643","summary":"Windows USB Video Class System Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.45046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43643"],"published_time":"2024-11-12T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43644","summary":"Windows Client-Side Caching Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45997,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43644"],"published_time":"2024-11-12T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43638","summary":"Windows USB Video Class System Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.45046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43638"],"published_time":"2024-11-12T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43640","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43640"],"published_time":"2024-11-12T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43641","summary":"Windows Registry Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00749,"ranking_epss":0.7318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43641"],"published_time":"2024-11-12T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43634","summary":"Windows USB Video Class System Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.45046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43634"],"published_time":"2024-11-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43635","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03059,"ranking_epss":0.8673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43635"],"published_time":"2024-11-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43636","summary":"Win32k Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43636"],"published_time":"2024-11-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43637","summary":"Windows USB Video Class System Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.45046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43637"],"published_time":"2024-11-12T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43629","summary":"Windows DWM Core Library Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02415,"ranking_epss":0.85133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43629"],"published_time":"2024-11-12T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43630","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03556,"ranking_epss":0.87714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43630"],"published_time":"2024-11-12T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43631","summary":"Windows Secure Kernel Mode Elevation of Privilege Vulnerability","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43631"],"published_time":"2024-11-12T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43626","summary":"Windows Telephony Service Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00215,"ranking_epss":0.44052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43626"],"published_time":"2024-11-12T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43627","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02871,"ranking_epss":0.86292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43627"],"published_time":"2024-11-12T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43628","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03085,"ranking_epss":0.86799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43628"],"published_time":"2024-11-12T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43620","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02871,"ranking_epss":0.86292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43620"],"published_time":"2024-11-12T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43621","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02871,"ranking_epss":0.86292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43621"],"published_time":"2024-11-12T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43622","summary":"Windows Telephony Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02871,"ranking_epss":0.86292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43622"],"published_time":"2024-11-12T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43623","summary":"Windows NT OS Kernel Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.05353,"ranking_epss":0.90093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43623"],"published_time":"2024-11-12T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43624","summary":"Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03517,"ranking_epss":0.87652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43624"],"published_time":"2024-11-12T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43530","summary":"Windows Update Stack Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00569,"ranking_epss":0.68607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43530"],"published_time":"2024-11-12T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43451","summary":"NTLM Hash Disclosure Spoofing Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.90313,"ranking_epss":0.99601,"kev":true,"propose_action":"Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43451"],"published_time":"2024-11-12T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43452","summary":"Windows Registry Elevation of Privilege Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04906,"ranking_epss":0.89618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43452"],"published_time":"2024-11-12T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43449","summary":"Windows USB Video Class System Driver Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.45046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43449"],"published_time":"2024-11-12T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38203","summary":"Windows Package Library Manager Information Disclosure Vulnerability","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38203"],"published_time":"2024-11-12T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43615","summary":"Microsoft OpenSSH for Windows Remote Code Execution Vulnerability","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.06889,"ranking_epss":0.91404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43615"],"published_time":"2024-10-08T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43599","summary":"Remote Desktop Client Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0413,"ranking_epss":0.88655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43599"],"published_time":"2024-10-08T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43583","summary":"Winlogon Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.04113,"ranking_epss":0.88624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583","https://github.com/Kvngtheta/CVE-2024-43583-PoC/blob/main/poc-43583.py"],"published_time":"2024-10-08T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43585","summary":"Code Integrity Guard Security Feature Bypass Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00215,"ranking_epss":0.44084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43585"],"published_time":"2024-10-08T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43574","summary":"Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00872,"ranking_epss":0.75283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43574"],"published_time":"2024-10-08T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43581","summary":"Microsoft OpenSSH for Windows Remote Code Execution Vulnerability","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.03893,"ranking_epss":0.88276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43581"],"published_time":"2024-10-08T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43582","summary":"Remote Desktop Protocol Server Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.26043,"ranking_epss":0.96293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582"],"published_time":"2024-10-08T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43570","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00215,"ranking_epss":0.44024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43570"],"published_time":"2024-10-08T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43572","summary":"Microsoft Management Console Remote Code Execution Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.50843,"ranking_epss":0.97872,"kev":true,"propose_action":"Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43572"],"published_time":"2024-10-08T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43573","summary":"Windows MSHTML Platform Spoofing Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.17703,"ranking_epss":0.95125,"kev":true,"propose_action":"Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43573"],"published_time":"2024-10-08T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43562","summary":"Windows Network Address Translation (NAT) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.08546,"ranking_epss":0.92409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43562"],"published_time":"2024-10-08T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43563","summary":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00284,"ranking_epss":0.51902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43563"],"published_time":"2024-10-08T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43565","summary":"Windows Network Address Translation (NAT) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.08546,"ranking_epss":0.92409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43565"],"published_time":"2024-10-08T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43557","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43557"],"published_time":"2024-10-08T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43558","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43558"],"published_time":"2024-10-08T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43559","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00401,"ranking_epss":0.60785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43559"],"published_time":"2024-10-08T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43560","summary":"Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03722,"ranking_epss":0.87999,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43560"],"published_time":"2024-10-08T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43561","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43561"],"published_time":"2024-10-08T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43553","summary":"NT OS Kernel Elevation of Privilege Vulnerability","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00463,"ranking_epss":0.64333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43553"],"published_time":"2024-10-08T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43554","summary":"Windows Kernel-Mode Driver Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43554"],"published_time":"2024-10-08T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43555","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00201,"ranking_epss":0.42185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43555"],"published_time":"2024-10-08T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43556","summary":"Windows Graphics Component Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43556"],"published_time":"2024-10-08T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43547","summary":"Windows Kerberos Information Disclosure Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43547"],"published_time":"2024-10-08T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43550","summary":"Windows Secure Channel Spoofing Vulnerability","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.01819,"ranking_epss":0.829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43550"],"published_time":"2024-10-08T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43551","summary":"Windows Storage Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0071,"ranking_epss":0.7228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43551"],"published_time":"2024-10-08T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43542","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43542"],"published_time":"2024-10-08T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43543","summary":"Windows Mobile Broadband Driver Remote Code Execution Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00342,"ranking_epss":0.56911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43543"],"published_time":"2024-10-08T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43546","summary":"Windows Cryptographic Information Disclosure Vulnerability","cvss":5.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.6,"cvss_v4":null,"epss":0.00448,"ranking_epss":0.63592,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43546"],"published_time":"2024-10-08T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43536","summary":"Windows Mobile Broadband Driver Remote Code Execution Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00342,"ranking_epss":0.56911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43536"],"published_time":"2024-10-08T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43537","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00261,"ranking_epss":0.49491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43537"],"published_time":"2024-10-08T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43538","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43538"],"published_time":"2024-10-08T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43540","summary":"Windows Mobile Broadband Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43540"],"published_time":"2024-10-08T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43529","summary":"Windows Print Spooler Elevation of Privilege Vulnerability","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.01342,"ranking_epss":0.80053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43529"],"published_time":"2024-10-08T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43532","summary":"Remote Registry Service Elevation of Privilege Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.61411,"ranking_epss":0.98331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43532"],"published_time":"2024-10-08T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43534","summary":"Windows Graphics Component Information Disclosure Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00607,"ranking_epss":0.69726,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43534"],"published_time":"2024-10-08T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43535","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00514,"ranking_epss":0.666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43535"],"published_time":"2024-10-08T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43524","summary":"Windows Mobile Broadband Driver Remote Code Execution Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00497,"ranking_epss":0.65891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43524"],"published_time":"2024-10-08T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43525","summary":"Windows Mobile Broadband Driver Remote Code Execution Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00452,"ranking_epss":0.63763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43525"],"published_time":"2024-10-08T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43526","summary":"Windows Mobile Broadband Driver Remote Code Execution Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00452,"ranking_epss":0.63763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43526"],"published_time":"2024-10-08T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43528","summary":"Windows Secure Kernel Mode Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43528"],"published_time":"2024-10-08T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43520","summary":"Windows Kernel Denial of Service Vulnerability","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00449,"ranking_epss":0.63631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43520"],"published_time":"2024-10-08T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43523","summary":"Windows Mobile Broadband Driver Remote Code Execution Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00452,"ranking_epss":0.63763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43523"],"published_time":"2024-10-08T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43515","summary":"Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03216,"ranking_epss":0.87058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43515"],"published_time":"2024-10-08T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43516","summary":"Windows Secure Kernel Mode Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43516"],"published_time":"2024-10-08T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43517","summary":"Microsoft ActiveX Data Objects Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.08063,"ranking_epss":0.92143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43517"],"published_time":"2024-10-08T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43518","summary":"Windows Telephony Server Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.08063,"ranking_epss":0.92143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43518"],"published_time":"2024-10-08T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43519","summary":"Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.07097,"ranking_epss":0.91545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43519"],"published_time":"2024-10-08T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43509","summary":"Windows Graphics Component Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43509"],"published_time":"2024-10-08T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43511","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43511"],"published_time":"2024-10-08T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43513","summary":"BitLocker Security Feature Bypass Vulnerability","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43513"],"published_time":"2024-10-08T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43514","summary":"Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43514"],"published_time":"2024-10-08T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43506","summary":"BranchCache Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.09955,"ranking_epss":0.93048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43506"],"published_time":"2024-10-08T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43501","summary":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0071,"ranking_epss":0.7228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43501"],"published_time":"2024-10-08T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43502","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.08688,"ranking_epss":0.92491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43502"],"published_time":"2024-10-08T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43483","summary":".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00738,"ranking_epss":0.72894,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483"],"published_time":"2024-10-08T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43484","summary":".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0121,"ranking_epss":0.79015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484","https://security.netapp.com/advisory/ntap-20250328-0007/"],"published_time":"2024-10-08T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38149","summary":"BranchCache Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.09955,"ranking_epss":0.93048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38149"],"published_time":"2024-10-08T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-37982","summary":"Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37982"],"published_time":"2024-10-08T18:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-37983","summary":"Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00247,"ranking_epss":0.47983,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37983"],"published_time":"2024-10-08T18:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-20659","summary":"Windows Hyper-V Security Feature Bypass Vulnerability","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00585,"ranking_epss":0.69104,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659"],"published_time":"2024-10-08T18:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-30092","summary":"Windows Hyper-V Remote Code Execution Vulnerability","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.6067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30092"],"published_time":"2024-10-08T18:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-37976","summary":"Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00898,"ranking_epss":0.75682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37976"],"published_time":"2024-10-08T18:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43487","summary":"Windows Mark of the Web Security Feature Bypass Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.05122,"ranking_epss":0.89869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43487"],"published_time":"2024-09-10T17:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43461","summary":"Windows MSHTML Platform Spoofing Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.10842,"ranking_epss":0.9339,"kev":true,"propose_action":"Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43461"],"published_time":"2024-09-10T17:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38249","summary":"Windows Graphics Component Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00626,"ranking_epss":0.70237,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38249"],"published_time":"2024-09-10T17:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38245","summary":"Kernel Streaming Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0059,"ranking_epss":0.69214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38245"],"published_time":"2024-09-10T17:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38246","summary":"Win32k Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00263,"ranking_epss":0.49718,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38246"],"published_time":"2024-09-10T17:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38247","summary":"Windows Graphics Component Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00357,"ranking_epss":0.57992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38247"],"published_time":"2024-09-10T17:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38248","summary":"Windows Storage Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00263,"ranking_epss":0.49718,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38248"],"published_time":"2024-09-10T17:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38241","summary":"Kernel Streaming Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03447,"ranking_epss":0.8752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38241"],"published_time":"2024-09-10T17:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38242","summary":"Kernel Streaming Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03813,"ranking_epss":0.8812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38242"],"published_time":"2024-09-10T17:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38243","summary":"Kernel Streaming Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00403,"ranking_epss":0.60906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38243"],"published_time":"2024-09-10T17:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38244","summary":"Kernel Streaming Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01978,"ranking_epss":0.83599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38244"],"published_time":"2024-09-10T17:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38237","summary":"Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02894,"ranking_epss":0.86341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38237"],"published_time":"2024-09-10T17:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38238","summary":"Kernel Streaming Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00418,"ranking_epss":0.61831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38238"],"published_time":"2024-09-10T17:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38239","summary":"Windows Kerberos Elevation of Privilege Vulnerability","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.04068,"ranking_epss":0.8855,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38239"],"published_time":"2024-09-10T17:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38240","summary":"Windows Remote Access Connection Manager Elevation of Privilege Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.02442,"ranking_epss":0.85202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38240"],"published_time":"2024-09-10T17:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38234","summary":"Windows Networking Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00381,"ranking_epss":0.59555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38234"],"published_time":"2024-09-10T17:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38235","summary":"Windows Hyper-V Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38235"],"published_time":"2024-09-10T17:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38217","summary":"Windows Mark of the Web Security Feature Bypass Vulnerability","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.12116,"ranking_epss":0.9383,"kev":true,"propose_action":"Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217","https://www.elastic.co/security-labs/dismantling-smart-app-control","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38217"],"published_time":"2024-09-10T17:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38045","summary":"Windows TCP/IP Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.02465,"ranking_epss":0.85276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38045"],"published_time":"2024-09-10T17:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38014","summary":"Windows Installer Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.12828,"ranking_epss":0.94057,"kev":true,"propose_action":"Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014","http://seclists.org/fulldisclosure/2024/Sep/43","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38014"],"published_time":"2024-09-10T17:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-30073","summary":"Windows Security Zone Mapping Security Feature Bypass Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30073"],"published_time":"2024-09-10T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-21416","summary":"Windows TCP/IP Remote Code Execution Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.02417,"ranking_epss":0.8514,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21416"],"published_time":"2024-09-10T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38163","summary":"Windows Update Stack Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00808,"ranking_epss":0.74246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163"],"published_time":"2024-08-14T00:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38215","summary":"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00727,"ranking_epss":0.72661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38215"],"published_time":"2024-08-13T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38223","summary":"Windows Initial Machine Configuration Elevation of Privilege Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38223"],"published_time":"2024-08-13T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38213","summary":"Windows Mark of the Web Security Feature Bypass Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.59323,"ranking_epss":0.98248,"kev":true,"propose_action":"Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38213"],"published_time":"2024-08-13T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38198","summary":"Windows Print Spooler Elevation of Privilege Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02517,"ranking_epss":0.85432,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38198"],"published_time":"2024-08-13T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38199","summary":"Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04572,"ranking_epss":0.89223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38199"],"published_time":"2024-08-13T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38193","summary":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.74832,"ranking_epss":0.98867,"kev":true,"propose_action":"Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193","https://www.exploit-db.com/exploits/52284","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38193"],"published_time":"2024-08-13T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38196","summary":"Windows Common Log File System Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.08292,"ranking_epss":0.92264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38196"],"published_time":"2024-08-13T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38186","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00225,"ranking_epss":0.45246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38186","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1966"],"published_time":"2024-08-13T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38187","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00376,"ranking_epss":0.59235,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38187","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1969"],"published_time":"2024-08-13T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38191","summary":"Kernel Streaming Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00284,"ranking_epss":0.51902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38191"],"published_time":"2024-08-13T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38178","summary":"Scripting Engine Memory Corruption Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.30231,"ranking_epss":0.9669,"kev":true,"propose_action":"Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38178"],"published_time":"2024-08-13T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38180","summary":"Windows SmartScreen Security Feature Bypass Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06536,"ranking_epss":0.91148,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38180"],"published_time":"2024-08-13T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38184","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00333,"ranking_epss":0.56205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38184","https://massgrave.dev/blog/keyhole","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1964"],"published_time":"2024-08-13T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38185","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.50105,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38185","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1965"],"published_time":"2024-08-13T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38161","summary":"Windows Mobile Broadband Driver Remote Code Execution Vulnerability","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00351,"ranking_epss":0.57583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38161"],"published_time":"2024-08-13T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38155","summary":"Security Center Broker Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00134,"ranking_epss":0.33084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38155"],"published_time":"2024-08-13T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38151","summary":"Windows Kernel Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38151"],"published_time":"2024-08-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38152","summary":"Windows OLE Remote Code Execution Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00962,"ranking_epss":0.76545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38152"],"published_time":"2024-08-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38153","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38153"],"published_time":"2024-08-13T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38146","summary":"Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.17315,"ranking_epss":0.95057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38146"],"published_time":"2024-08-13T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38147","summary":"Microsoft DWM Core Library Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.05171,"ranking_epss":0.89919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38147"],"published_time":"2024-08-13T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38150","summary":"Windows DWM Core Library Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.06806,"ranking_epss":0.91351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38150"],"published_time":"2024-08-13T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38142","summary":"Windows Secure Kernel Mode Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38142"],"published_time":"2024-08-13T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38143","summary":"Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.04298,"ranking_epss":0.88884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38143"],"published_time":"2024-08-13T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38144","summary":"Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.79806,"ranking_epss":0.991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38144"],"published_time":"2024-08-13T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38145","summary":"Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.17315,"ranking_epss":0.95057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38145"],"published_time":"2024-08-13T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38137","summary":"Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38137"],"published_time":"2024-08-13T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38140","summary":"Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.05043,"ranking_epss":0.89778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38140","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2062"],"published_time":"2024-08-13T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38141","summary":"Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.06806,"ranking_epss":0.91351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38141"],"published_time":"2024-08-13T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38132","summary":"Windows Network Address Translation (NAT) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.11171,"ranking_epss":0.93515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38132"],"published_time":"2024-08-13T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38133","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00329,"ranking_epss":0.55889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38133"],"published_time":"2024-08-13T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38134","summary":"Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134"],"published_time":"2024-08-13T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38136","summary":"Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38136"],"published_time":"2024-08-13T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38130","summary":"Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.05934,"ranking_epss":0.90643,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38130"],"published_time":"2024-08-13T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38131","summary":"Clipboard Virtual Channel Extension Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01485,"ranking_epss":0.81061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38131"],"published_time":"2024-08-13T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38125","summary":"Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.09427,"ranking_epss":0.92808,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38125"],"published_time":"2024-08-13T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38126","summary":"Windows Network Address Translation (NAT) Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.12279,"ranking_epss":0.93885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38126"],"published_time":"2024-08-13T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38127","summary":"Windows Hyper-V Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.08077,"ranking_epss":0.92152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38127"],"published_time":"2024-08-13T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38122","summary":"Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.6673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38122"],"published_time":"2024-08-13T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38115","summary":"Windows IP Routing Management Snapin Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.08063,"ranking_epss":0.92143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38115"],"published_time":"2024-08-13T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38116","summary":"Windows IP Routing Management Snapin Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.11979,"ranking_epss":0.93793,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38116"],"published_time":"2024-08-13T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38117","summary":"NTFS Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38117"],"published_time":"2024-08-13T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38118","summary":"Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00335,"ranking_epss":0.56362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38118"],"published_time":"2024-08-13T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38114","summary":"Windows IP Routing Management Snapin Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.08063,"ranking_epss":0.92143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38114"],"published_time":"2024-08-13T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38063","summary":"Windows TCP/IP Remote Code Execution Vulnerability","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.89875,"ranking_epss":0.99574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063"],"published_time":"2024-08-13T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38106","summary":"Windows Kernel Elevation of Privilege Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0075,"ranking_epss":0.73186,"kev":true,"propose_action":"Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38106"],"published_time":"2024-08-13T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38107","summary":"Windows Power Dependency Coordinator Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03353,"ranking_epss":0.87345,"kev":true,"propose_action":"Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38107"],"published_time":"2024-08-13T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-29995","summary":"Windows Kerberos Elevation of Privilege Vulnerability","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.06141,"ranking_epss":0.90834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29995"],"published_time":"2024-08-13T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38202","summary":"Summary\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs.\nDetails\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any further... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.02603,"ranking_epss":0.85648,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202","https://www.vicarius.io/vsociety/posts/cve-2024-38202-potential-elevation-of-privilege-vulnerability-in-windows-backup-detection-script","https://www.vicarius.io/vsociety/posts/cve-2024-38202-potential-elevation-of-privilege-vulnerability-in-windows-backup-mitigation-script"],"published_time":"2024-08-08T02:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-21302","summary":"Summary:\nAs of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerability.\nAn elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.\nUpdate: July 10, 2025\nMicrosoft has addressed this vulnerability for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in KB5042562: Guidance for blocking rollback of virtualization-based security related updates.\nUpdate: August 13, 2024\nMicrosoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.\nDetails:\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.\nThe vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.01108,"ranking_epss":0.7815,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302"],"published_time":"2024-08-08T02:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7553","summary":"Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.\n\nRequired Configuration:\n\nOnly environments with Windows as the underlying operating system is affected by this issue","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.44963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/CDRIVER-5650","https://jira.mongodb.org/browse/PHPC-2369","https://jira.mongodb.org/browse/SERVER-93211"],"published_time":"2024-08-07T10:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-21417","summary":"Windows Text Services Framework Elevation of Privilege Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01794,"ranking_epss":0.82797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21417","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21417"],"published_time":"2024-07-10T00:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38102","summary":"Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00845,"ranking_epss":0.74821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38102","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38102"],"published_time":"2024-07-09T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38104","summary":"Windows Fax Service Remote Code Execution Vulnerability","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06746,"ranking_epss":0.91312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38104","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38104"],"published_time":"2024-07-09T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38105","summary":"Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00817,"ranking_epss":0.74379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38105","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38105"],"published_time":"2024-07-09T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38112","summary":"Windows MSHTML Platform Spoofing Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.92959,"ranking_epss":0.99779,"kev":true,"propose_action":"Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.","ransomware_campaign":"Unknown","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38112"],"published_time":"2024-07-09T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38101","summary":"Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00635,"ranking_epss":0.70442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38101","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38101"],"published_time":"2024-07-09T17:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38091","summary":"Microsoft WS-Discovery Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.11055,"ranking_epss":0.93469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38091","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38091"],"published_time":"2024-07-09T17:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38085","summary":"Windows Graphics Component Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.04328,"ranking_epss":0.88931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085"],"published_time":"2024-07-09T17:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38079","summary":"Windows Graphics Component Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00743,"ranking_epss":0.73062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38079","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38079"],"published_time":"2024-07-09T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38081","summary":".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.008,"ranking_epss":0.74097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"],"published_time":"2024-07-09T17:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38070","summary":"Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.008,"ranking_epss":0.74108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38070","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38070"],"published_time":"2024-07-09T17:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38066","summary":"Windows Win32k Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00519,"ranking_epss":0.66815,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38066","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38066"],"published_time":"2024-07-09T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38068","summary":"Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.05152,"ranking_epss":0.899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38068","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38068"],"published_time":"2024-07-09T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38069","summary":"Windows Enroll Engine Security Feature Bypass Vulnerability","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00248,"ranking_epss":0.48162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38069","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38069"],"published_time":"2024-07-09T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-38062","summary":"Windows Kernel-Mode Driver Elevation of Privilege Vulnerability","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.057,"ranking_epss":0.90429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38062","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38062","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1968","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1970","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1971","https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1988"],"published_time":"2024-07-09T17:15:38","vendor":null,"product":null,"version":null}]}