Month: July 2025

Improper control of generation of code (‘code injection’) in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. Continue reading CVE-2025-47988 Azure Monitor Agent Remote Code Execution Vulnerability→

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. Continue reading CVE-2025-26636 Windows Kernel Information Disclosure Vulnerability→

Heap-based buffer overflow in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49727 Win32k Elevation of Privilege Vulnerability→

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-49724 Windows Connected Devices Platform Service Remote Code Execution Vulnerability→

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-47998 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability→

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability→

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-47996 Windows MBT Transport Driver Elevation of Privilege Vulnerability→

Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Continue reading CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability→