Month: April 2025

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-29802 Visual Studio Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-21222 Windows Telephony Service Remote Code Execution Vulnerability→

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-29803 Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-21221 Windows Telephony Service Remote Code Execution Vulnerability→

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. Continue reading CVE-2025-27738 Windows Resilient File System (ReFS) Information Disclosure Vulnerability→

Improper link resolution before file access (‘link following’) in Windows Update Stack allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. Continue reading CVE-2025-27736 Windows Power Dependency Coordinator Information Disclosure Vulnerability→

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-21203 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability→