U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:standard:*:x64:*
  • CPE Name Search: true
There are 1,020 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2025-47991

Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:40 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47987

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:40 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47986

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:39 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2025-47985

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:39 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47984

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Published: July 08, 2025; 1:15:39 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2025-47982

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:39 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47981

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Published: July 08, 2025; 1:15:38 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2025-47980

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Published: July 08, 2025; 1:15:38 PM -0400
V4.0:(not available)
V3.1: 6.2 MEDIUM
V2.0:(not available)
CVE-2025-47978

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Published: July 08, 2025; 1:15:38 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-47976

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:37 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47975

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:37 PM -0400
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2025-47973

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:37 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47972

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

Published: July 08, 2025; 1:15:37 PM -0400
V4.0:(not available)
V3.1: 8.0 HIGH
V2.0:(not available)
CVE-2025-47971

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:37 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47159

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Published: July 08, 2025; 1:15:36 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47955

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Published: June 10, 2025; 1:24:03 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-47160

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Published: June 10, 2025; 1:23:24 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-33075

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

Published: June 10, 2025; 1:23:08 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Published: June 10, 2025; 1:23:02 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2025-33071

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Published: June 10, 2025; 1:22:59 PM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)