Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-27475 Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
local
high complexity
CWE-591
7.0
7.0
2025-04-08 CVE-2025-27476 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-416
7.8
7.8
2025-04-08 CVE-2025-27479 Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.
network
low complexity
CWE-410
7.5
7.5
2025-04-08 CVE-2025-27480 Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
network
high complexity
CWE-416
8.1
8.1
2025-04-08 CVE-2025-27482 Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
network
high complexity
CWE-591
8.1
8.1
2025-04-08 CVE-2025-27485 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
network
low complexity
CWE-400
7.5
7.5
2025-04-08 CVE-2025-27486 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
network
low complexity
CWE-400
7.5
7.5
2025-04-08 CVE-2025-27489 Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-20
7.8
7.8
2025-04-08 CVE-2025-27490 Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-122
7.8
7.8
2025-04-08 CVE-2025-1095 IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE).
local
low complexity
CWE-119
8.8
8.8