Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7200 | 1 Microsoft | 5 Edge, Windows 10 1507, Windows 10 1511 and 2 more | 2025-10-22 | 7.6 HIGH | 8.8 HIGH |
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | |||||
| CVE-2016-3393 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 6 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
| Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability." | |||||
| CVE-2016-3351 | 1 Microsoft | 11 Edge, Internet Explorer, Windows 10 1507 and 8 more | 2025-10-22 | 2.6 LOW | 6.5 MEDIUM |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2016-3309 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 6 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311. | |||||
| CVE-2016-3298 | 1 Microsoft | 10 Internet Explorer, Windows 10 1507, Windows 10 1511 and 7 more | 2025-10-22 | 2.6 LOW | 6.5 MEDIUM |
| Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-0189 | 1 Microsoft | 11 Internet Explorer, Jscript, Vbscript and 8 more | 2025-10-22 | 7.6 HIGH | 7.5 HIGH |
| The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. | |||||
| CVE-2016-0167 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1511, Windows 7 and 5 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165. | |||||
| CVE-2016-0165 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1511, Windows 7 and 5 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167. | |||||
| CVE-2016-0162 | 1 Microsoft | 9 Internet Explorer, Windows 10 1507, Windows 10 1511 and 6 more | 2025-10-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-0151 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1511, Windows 8.1 and 2 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability." | |||||
| CVE-2016-0099 | 1 Microsoft | 7 Windows 10 1507, Windows 10 1511, Windows 7 and 4 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." | |||||
| CVE-2015-6175 | 1 Microsoft | 1 Windows 10 1507 | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability." | |||||
| CVE-2015-2546 | 1 Microsoft | 9 Windows 10 1507, Windows 7, Windows 8 and 6 more | 2025-10-22 | 6.9 MEDIUM | 8.2 HIGH |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518. | |||||
| CVE-2015-2502 | 1 Microsoft | 9 Internet Explorer, Windows 10 1507, Windows 7 and 6 more | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015. | |||||
| CVE-2025-47827 | 2 Igel, Microsoft | 16 Igel Os, Windows 10 1507, Windows 10 1607 and 13 more | 2025-10-21 | N/A | 4.6 MEDIUM |
| In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | |||||
| CVE-2025-59214 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-21 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-50154 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-21 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-53768 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2025-10-20 | N/A | 7.8 HIGH |
| Use after free in Xbox allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24052 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-20 | N/A | 7.8 HIGH |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | |||||
| CVE-2025-25004 | 1 Microsoft | 17 Powershell, Windows 10 1507, Windows 10 1607 and 14 more | 2025-10-20 | N/A | 7.3 HIGH |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | |||||