Common Vulnerabilities and Exposures (CVE)
CVE-2025-29812
Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
CVE-2025-29810
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-29805
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.
CVE-2025-29808
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-29809
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
CVE-2025-29804
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29801
Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-29802
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29800
Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-29803
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-27739
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-27738
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
CVE-2025-27737
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-27736
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
CVE-2025-27735
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.