Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-59259: Windows Local Session Manager (LSM) Denial of Service Vulnerability

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#dos#auth#Windows Local Session Manager (LSM)#Security Vulnerability
CVE-2025-47979: Microsoft Failover Cluster Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.

CVE-2025-59288: Playwright Spoofing Vulnerability

Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.

CVE-2025-59284: Windows NTLM Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

CVE-2025-54132: GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool

Ai command injection in Visual Studio allows an authorized attacker to disclose information over a network.

CVE-2025-59242: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

CVE-2025-59237: Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-59257: Windows Local Session Manager (LSM) Denial of Service Vulnerability

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.