Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-49739: Visual Studio Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#auth#Visual Studio#Security Vulnerability
CVE-2025-49718: Microsoft SQL Server Information Disclosure Vulnerability

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

CVE-2025-48804: BitLocker Security Feature Bypass Vulnerability

Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-48816: HID Class Driver Elevation of Privilege Vulnerability

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

CVE-2025-48815: Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2025-48802: Windows SMB Server Spoofing Vulnerability

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

CVE-2025-48810: Windows Secure Kernel Mode Information Disclosure Vulnerability

Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally.

CVE-2025-48809: Windows Secure Kernel Mode Information Disclosure Vulnerability

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.