Microsoft Powershell vulnerabilities

CVE-2025-25004 [HIGH] CWE-284 CVE-2025-25004: Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

CVE-2025-49734 [HIGH] CWE-923 CVE-2025-49734: Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.

CVE-2025-30399 [HIGH] CWE-426 CVE-2025-30399: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2024-30045 [MEDIUM] CWE-122 CVE-2024-30045: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-21409 [HIGH] CWE-416 CVE-2024-21409: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2024-21392 [HIGH] CWE-400 CVE-2024-21392: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

CVE-2024-0057 [CRITICAL] CWE-20 CVE-2024-0057: NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

CVE-2022-41121 [HIGH] CVE-2022-41121: Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-23267 [HIGH] CVE-2022-23267: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

CVE-2022-24512 [MEDIUM] CVE-2022-24512: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2021-41355 [MEDIUM] CVE-2021-41355: .NET Core and Visual Studio Information Disclosure Vulnerability .NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2020-8927 [MEDIUM] CWE-130 CVE-2020-8927: A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recomm

CVE-2020-0951 [MEDIUM] CVE-2020-0951: <p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) whi A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the vulnerability, an attacker need administrator access on a local machine

CVE-2020-1108 [HIGH] CVE-2020-1108: A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web req A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

CVE-2018-8327 [CRITICAL] CVE-2018-8327: A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor S A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.