Windows

This hub aggregates every CVE we track for Windows, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Windows.

• BDU:2026-08267Уязвимость операционных систем Windows, связанная с недостаточной защитой служебных данных, позволяющая нарушителю обойти функцию шифрования данных BitLocker7.8Jun 16, 2026
• CVE-2025-11567CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.7.8Nov 12, 2025
• CVE-2025-11566CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitra...7.3Nov 12, 2025
• CVE-2025-11565CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tamper...7.0Nov 12, 2025
• CVE-2025-59033The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate...7.4Sep 8, 2025
• CVE-2022-50238The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded ...7.4Sep 8, 2025
• CVE-2025-9491Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability7.8Aug 26, 2025
• CVE-2025-46385CWE-918 Server-Side Request Forgery (SSRF)8.6Jul 20, 2025
• CVE-2025-46384CWE-434 Unrestricted Upload of File with Dangerous Type8.8Jul 20, 2025
• CVE-2025-46383CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')6.1Jul 20, 2025
• BDU:2025-04739Уязвимость планировщика заданий операционных систем Windows, позволяющая нарушителю выполнить произвольные команды с привилегиями SYSTEM8.8Apr 22, 2025
• BDU:2025-02936Уязвимость механизма обработки .LNK-файлов пользовательского интерфейса операционных систем Windows, позволяющая нарушителю скрытно выполнить произвольные команды операционной системы7.0Mar 19, 2025
• BDU:2025-01870Уязвимость пользовательского интерфейса (UI) операционных систем Windows, позволяющая нарушителю скрыть от пользователей файлы, распакованные из специально сформированного архива4.5Feb 21, 2025
• CVE-2022-40733An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as pa...5.0Dec 18, 2024
• CVE-2022-40732An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as pa...5.0Dec 18, 2024