Month: September 2025

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54105 Microsoft Brokering File System Elevation of Privilege Vulnerability→

Access of resource using incompatible type (‘type confusion’) in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54104 Windows Defender Firewall Service Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability→

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Continue reading CVE-2025-54107 MapUrlToZone Security Feature Bypass Vulnerability→

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. Continue reading CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability→

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54912 Windows BitLocker Elevation of Privilege Vulnerability→

[CVE-2024-21907](https://www.cve.org/CVERecord?id=CVE-2024-21907) addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data that is passed to the JsonConvert.DeserializeObject method may trig… Continue reading CVE-2024-21907 VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json→

Improper neutralization of special elements used in a command (‘command injection’) in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability→