CVE-2025-24998 Visual Studio Elevation of Privilege Vulnerability
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-24057 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-26627 Azure Arc Installer Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command (‘command injection’) in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2025-24064 Windows Domain Name Service Remote Code Execution Vulnerability
Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
CVE-2025-24997 DirectX Graphics Kernel File Denial of Service Vulnerability
Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
CVE-2025-24043 WinDbg Remote Code Execution Vulnerability
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
CVE-2025-24049 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command (‘command injection’) in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-24061 Windows Mark of the Web Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-24996 NTLM Hash Disclosure Spoofing Vulnerability
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-24044 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
