Month: March 2025

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-24994 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability→

Improper neutralization of special elements used in a command (‘command injection’) in Azure Arc allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-26627 Azure Arc Installer Elevation of Privilege Vulnerability→

Information published. Continue reading CVE-2024-9157 Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability→

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability→

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-24075 Microsoft Excel Remote Code Execution Vulnerability→

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-24998 Visual Studio Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2025-24071 Microsoft Windows File Explorer Spoofing Vulnerability→

Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. Continue reading CVE-2025-24997 DirectX Graphics Kernel File Denial of Service Vulnerability→