Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59282 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-59220 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59216 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59205 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59200 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 7.7 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. | |||||
| CVE-2025-59196 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59195 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. | |||||
| CVE-2025-59193 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59052 | 2026-06-17 | N/A | N/A | ||
| Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share or overwrite the global injector state. In practical terms, this can lead to one request responding with data meant for a completely different request, leaking data or tokens included on the rendered page or in response headers. As long as an attacker had network access to send any traffic that received a rendered response, they may have been able to send a large number of requests and then inspect the responses for information leaks. The APIs `bootstrapApplication`, `getPlatform`, and `destroyPlatform` were vulnerable and required SSR-only breaking changes. The issue has been patched in all active release lines as well as in the v21 prerelease. Patched packages include `@angular/platform-server` 21.0.0-next.3, 20.3.0, 19.2.15, and 18.2.14 and `@angular/ssr` 21.0.0-next.3, 20.3.0, 19.2.16, and 18.2.21. Several workarounds are available. Disable SSR via Server Routes or builder options, remove any asynchronous behavior from custom `bootstrap` functions, remove uses of `getPlatform()` in application code, and/or ensure that the server build defines `ngJitMode` as false. | |||||
| CVE-2025-58727 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58316 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 7.3 HIGH |
| DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-58313 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 5.1 MEDIUM |
| Race condition vulnerability in the device standby module. Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module. | |||||
| CVE-2025-58303 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 8.4 HIGH |
| UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-58296 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2025-58145 | 1 Xen | 1 Xen | 2026-06-17 | N/A | 7.5 HIGH |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. This is CVE-2025-58145. | |||||
| CVE-2025-55687 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.4 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-55335 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-06-17 | N/A | 7.4 HIGH |
| Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-55328 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 7.8 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55231 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-55228 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2026-06-17 | N/A | 7.8 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||||