Microsoft: Security Vulnerabilities
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.326
Published
2025-04-08
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-04-08
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-08
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.004
Published
2025-04-08
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-04-08
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-04-08
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.008
Published
2025-04-08
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVSS Score
8.4
EPSS Score
0.003
Published
2025-04-08
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.004
Published
2025-04-08
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.284
Published
2025-04-08