Common Vulnerabilities and Exposures (CVE)

CVE-2025-64666

Feb 20, 2026 15:59:17 UTC

Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-64667

Feb 20, 2026 15:59:16 UTC

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-64658

Feb 20, 2026 15:59:15 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2025-62573

Feb 20, 2026 15:59:15 UTC

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVE-2025-62572

Feb 20, 2026 15:59:14 UTC

Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.

CVE-2025-62571

Feb 20, 2026 15:59:13 UTC

Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2025-62564

Feb 20, 2026 15:59:13 UTC

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62563

Feb 20, 2026 15:59:12 UTC

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62562

Feb 20, 2026 15:59:11 UTC

Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

CVE-2025-62561

Feb 20, 2026 15:59:11 UTC

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62549

Feb 20, 2026 15:59:10 UTC

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-62473

Feb 20, 2026 15:59:09 UTC

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-62472

Feb 20, 2026 15:59:09 UTC

Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-62470

Feb 20, 2026 15:59:08 UTC

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62469

Feb 20, 2026 15:59:07 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.