Month: April 2025

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-27480 Windows Remote Desktop Services Remote Code Execution Vulnerability→

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. Continue reading CVE-2025-29822 Microsoft OneNote Security Feature Bypass Vulnerability→

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Continue reading CVE-2025-27485 Windows Standards-Based Storage Management Service Denial of Service Vulnerability→

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-29820 Microsoft Word Remote Code Execution Vulnerability→

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-27467 Windows Digital Media Elevation of Privilege Vulnerability→

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. Continue reading CVE-2025-29821 Microsoft Dynamics Business Central Information Disclosure Vulnerability→

Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. Continue reading CVE-2025-26678 Windows Defender Application Control Security Feature Bypass Vulnerability→

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Continue reading CVE-2025-29794 Microsoft SharePoint Remote Code Execution Vulnerability→