TheWindowsUpdate.com

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Inbox COM Objects allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-59282 Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability→

Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-59187 Windows Kernel Elevation of Privilege Vulnerability→

Improper link resolution before file access (‘link following’) in XBox Gaming Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-59281 Xbox Gaming Services Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2025-58739 Microsoft Windows File Explorer Spoofing Vulnerability→

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive informa… Continue reading CVE-2025-54132 GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool→

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-58737 Remote Desktop Protocol Remote Code Execution Vulnerability→

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. Continue reading CVE-2025-47979 Microsoft Failover Cluster Information Disclosure Vulnerability→

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-58734 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability→