Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-13 | CVE-2025-29967 | Heap-based Buffer Overflow vulnerability in Microsoft products Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | 8.8 |
| 2025-05-13 | CVE-2025-29969 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. | 7.5 |
| 2025-05-13 | CVE-2025-29970 | Use After Free vulnerability in Microsoft products Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.8 |
| 2025-05-13 | CVE-2025-29971 | Out-of-bounds Read vulnerability in Microsoft Windows 11 22H2 Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. | 7.5 |
| 2025-05-13 | CVE-2025-29973 | Improper Access Control vulnerability in Microsoft Azure File Sync 19.0.0.0/20.0.0.0 Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | 7.0 |
| 2025-05-13 | CVE-2025-29975 | Link Following vulnerability in Microsoft PC Manager Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | 7.8 |
| 2025-05-13 | CVE-2025-29976 | Improper Privilege Management vulnerability in Microsoft products Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | 7.8 |
| 2025-05-13 | CVE-2025-29978 | Use After Free vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | 7.8 |
| 2025-05-08 | CVE-2025-29827 | Improper Authorization vulnerability in Microsoft Azure Automation Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | 8.8 |
| 2025-05-08 | CVE-2025-33072 | Improper Access Control vulnerability in Microsoft Msagsfeedback.Azurewebsites.Net Improper access control in Azure allows an unauthorized attacker to disclose information over a network. | 7.5 |