Month: April 2025

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Continue reading CVE-2025-27733 NTFS Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-21205 Windows Telephony Service Remote Code Execution Vulnerability→

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-27730 Windows Digital Media Elevation of Privilege Vulnerability→

Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-21191 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability→

Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-27728 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability→

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn’t have permission to list content. Continue reading CVE-2025-21197 Windows NTFS Information Disclosure Vulnerability→

Improper link resolution before file access (‘link following’) in Windows Installer allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-27727 Windows Installer Elevation of Privilege Vulnerability→

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Continue reading CVE-2025-21174 Windows Standards-Based Storage Management Service Denial of Service Vulnerability→