Microsoft Windows 10 1809 vulnerabilities

CVE-2025-26645 [HIGH] CWE-23 CVE-2025-26645: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-26633 [HIGH] CWE-707 CVE-2025-26633: Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-24993 [HIGH] CWE-122 CVE-2025-24993: Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2025-24067 [HIGH] CWE-122 CVE-2025-24067: Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate p Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

CVE-2025-24048 [HIGH] CWE-122 CVE-2025-24048: Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privile Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2025-24050 [HIGH] CWE-122 CVE-2025-24050: Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privile Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2025-24044 [HIGH] CWE-416 CVE-2025-24044: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2025-24059 [HIGH] CWE-125 CVE-2025-24059: Incorrect conversion between numeric types in Windows Common Log File System Driver allows an author Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-21180 [HIGH] CWE-122 CVE-2025-21180: Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.

CVE-2025-24056 [HIGH] CWE-122 CVE-2025-24056: Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute co Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.

CVE-2025-24061 [HIGH] CWE-693 CVE-2025-24061: Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to by Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-24995 [HIGH] CWE-122 CVE-2025-24995: Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacke Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-24072 [HIGH] CWE-416 CVE-2025-24072: Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker t Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.

CVE-2025-24046 [HIGH] CWE-416 CVE-2025-24046: Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges lo Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

CVE-2025-24055 [MEDIUM] CWE-125 CVE-2025-24055: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.

CVE-2025-24991 [MEDIUM] CWE-125 CVE-2025-24991: Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

CVE-2025-24054 [MEDIUM] CWE-73 CVE-2025-24054: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-24987 [MEDIUM] CWE-125 CVE-2025-24987: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

CVE-2025-21247 [MEDIUM] CWE-41 CVE-2025-21247: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-24984 [MEDIUM] CWE-532 CVE-2025-24984: Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.