Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 11 23h2
Subscriptions
Total
1253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38013 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 6.7 Medium |
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | ||||
| CVE-2024-37987 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-12-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37986 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37985 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2025-12-09 | 5.9 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2024-37981 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2025-12-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37974 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37970 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37969 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-35270 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 5.3 Medium |
| Windows iSCSI Service Denial of Service Vulnerability | ||||
| CVE-2024-30081 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 7.1 High |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2024-28899 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 8.8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-21417 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2025-12-09 | 8.8 High |
| Windows Text Services Framework Elevation of Privilege Vulnerability | ||||
| CVE-2025-9491 | 1 Microsoft | 2 Windows, Windows 11 23h2 | 2025-12-05 | 3.3 Low |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | ||||
| CVE-2023-38039 | 4 Fedoraproject, Haxx, Microsoft and 1 more | 11 Fedora, Curl, Windows 10 1809 and 8 more | 2025-12-02 | 7.5 High |
| When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | ||||
| CVE-2025-59220 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2025-11-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55229 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 1507 and 14 more | 2025-11-10 | 5.3 Medium |
| Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-48807 | 1 Microsoft | 17 Hyper-v, Server, Windows and 14 more | 2025-11-10 | 6.7 Medium |
| Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2025-53789 | 1 Microsoft | 17 Server, Windows, Windows 10 1507 and 14 more | 2025-11-10 | 7.8 High |
| Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53778 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-11-10 | 8.8 High |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-50155 | 1 Microsoft | 19 Server, Windows, Windows 10 1507 and 16 more | 2025-11-10 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||