CVE-2025-60716
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-60707
Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.
CVE-2025-59515
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59511
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59509
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
CVE-2025-59502
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
CVE-2025-59255
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59207
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59204
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2025-59199
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59195
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
CVE-2025-59193
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59191
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-58728
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-58720
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-55696
Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.
CVE-2025-55681
Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-55680
Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-55679
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
CVE-2025-55336
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.