Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Microsoft
Angry Yack Logo
Total 22989 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-27482 1 Microsoft 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more 2025-07-08 N/A 8.1 HIGH
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27481 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 8.8 HIGH
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27480 1 Microsoft 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more 2025-07-08 N/A 8.1 HIGH
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27479 1 Microsoft 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more 2025-07-08 N/A 7.5 HIGH
Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.
CVE-2025-27478 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 7.0 HIGH
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
CVE-2025-27477 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 8.8 HIGH
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27476 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-07-08 N/A 7.8 HIGH
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-27475 1 Microsoft 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 2025-07-08 N/A 7.0 HIGH
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
CVE-2025-27474 1 Microsoft 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more 2025-07-08 N/A 6.5 MEDIUM
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-27473 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 7.5 HIGH
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CVE-2025-27472 1 Microsoft 2 Windows 10 1507, Windows Server 2012 2025-07-08 N/A 5.4 MEDIUM
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-27471 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 5.9 MEDIUM
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27470 1 Microsoft 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more 2025-07-08 N/A 7.5 HIGH
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27469 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 7.5 HIGH
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2025-27467 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-07-08 N/A 7.8 HIGH
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2024-43186 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-07-08 N/A 5.3 MEDIUM
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
CVE-2024-7577 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-07-08 N/A 4.4 MEDIUM
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
CVE-2024-55895 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-07-08 N/A 2.7 LOW
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2025-27492 1 Microsoft 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more 2025-07-08 N/A 7.0 HIGH
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
CVE-2025-49741 1 Microsoft 1 Edge Chromium 2025-07-08 N/A 7.4 HIGH
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2025-27491 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-07-08 N/A 7.1 HIGH
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.
CVE-2025-21384 1 Microsoft 1 Azure Health Bot 2025-07-08 N/A 8.3 HIGH
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVE-2025-27490 1 Microsoft 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more 2025-07-08 N/A 7.8 HIGH
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-27486 1 Microsoft 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more 2025-07-08 N/A 7.5 HIGH
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27485 1 Microsoft 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more 2025-07-08 N/A 7.5 HIGH
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-32726 1 Microsoft 1 Visual Studio Code 2025-07-08 N/A 6.8 MEDIUM
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-29823 1 Microsoft 1 365 Apps 2025-07-08 N/A 7.8 HIGH
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29822 1 Microsoft 3 Office, Office Long Term Servicing Channel, Onenote 2025-07-08 N/A 7.8 HIGH
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-29820 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2025-07-08 N/A 7.8 HIGH
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-27732 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 7.0 HIGH
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-27731 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2025-07-08 N/A 7.8 HIGH
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.
CVE-2025-4540 2 Lodop, Microsoft 2 C-lodop, Windows 2025-07-08 6.0 MEDIUM 7.0 HIGH
A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to u ...

Show More
CVE-2025-27730 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-07-08 N/A 7.8 HIGH
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-27729 1 Microsoft 6 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 3 more 2025-07-08 N/A 7.8 HIGH
Use after free in Windows Shell allows an unauthorized attacker to execute code locally.
CVE-2025-27728 1 Microsoft 2 Windows 11 24h2, Windows Server 2025 2025-07-08 N/A 7.8 HIGH
Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2025-27727 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-08 N/A 7.8 HIGH
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-47966 1 Microsoft 1 Power Automate For Desktop 2025-07-08 N/A 9.8 CRITICAL
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-29817 1 Microsoft 1 Power Automate For Desktop 2025-07-08 N/A 5.7 MEDIUM
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2025-49713 1 Microsoft 1 Edge Chromium 2025-07-08 N/A 8.8 HIGH
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2025-29825 1 Microsoft 1 Edge Chromium 2025-07-08 N/A 6.5 MEDIUM
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.