Common Vulnerabilities and Exposures (CVE)

CVE-2025-59497

Nov 19, 2025 23:45:20 UTC

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.

CVE-2025-59289

Nov 19, 2025 23:45:19 UTC

Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2025-59287

Nov 19, 2025 23:45:19 UTC

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

CVE-2025-59285

Nov 19, 2025 23:45:18 UTC

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2025-59278

Nov 19, 2025 23:45:17 UTC

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

CVE-2025-59275

Nov 19, 2025 23:45:17 UTC

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

CVE-2025-59261

Nov 19, 2025 23:45:16 UTC

Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2025-59253

Nov 19, 2025 23:45:16 UTC

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

CVE-2025-59230

Nov 19, 2025 23:45:15 UTC

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-59248

Nov 19, 2025 23:45:14 UTC

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-59244

Nov 19, 2025 23:45:14 UTC

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-59241

Nov 19, 2025 23:45:13 UTC

Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

CVE-2025-59238

Nov 19, 2025 23:45:13 UTC

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2025-59232

Nov 19, 2025 23:45:12 UTC

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-59229

Nov 19, 2025 23:45:11 UTC

Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.