Filtered by vendor Microsoft
Subscribe
Total
24758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54081 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2026-06-17 | N/A | 6.7 MEDIUM |
| Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path incrementally and may execute a malicious binary placed earlier in the search string. This issue has been patched in version 2025.923.33222. | |||||
| CVE-2025-53951 | 2 Fortinet, Microsoft | 2 Fortidlp Agent, Windows | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port. | |||||
| CVE-2025-53950 | 3 Apple, Fortinet, Microsoft | 3 Macos, Fortidlp Agent, Windows | 2026-06-17 | N/A | 5.5 MEDIUM |
| An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information. | |||||
| CVE-2025-53810 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53809 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-53808 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53807 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53806 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53805 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2026-06-17 | N/A | 7.5 HIGH |
| Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-53804 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-53803 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-53802 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2026-06-17 | N/A | 7.0 HIGH |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53801 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2026-06-17 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53800 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-06-17 | N/A | 7.8 HIGH |
| No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53799 | 1 Microsoft | 16 365 Copilot, Windows 10 1507, Windows 10 1607 and 13 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-53798 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53797 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53796 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53795 | 1 Microsoft | 1 Pc Manager | 2026-06-17 | N/A | 9.1 CRITICAL |
| Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-53793 | 1 Microsoft | 1 Azure Stack Hub | 2026-06-17 | N/A | 7.5 HIGH |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | |||||