Microsoft Windows 10 Version 1507 vulnerabilities
2,277 known vulnerabilities affecting microsoft/windows_10_version_1507.
Total CVEs
2,277
CISA KEV
89
actively exploited
Public exploits
37
Exploited in wild
82
Severity breakdown
CRITICAL69HIGH1630MEDIUM570LOW8
Vulnerabilities
Page 5 of 114
CVE-2025-54912HIGHCVSS 7.8≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54912 [HIGH] CWE-416 CVE-2025-54912: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-54098HIGHCVSS 7.8≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54098 [HIGH] CWE-284 CVE-2025-54098: Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges local
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-53804MEDIUMCVSS 5.5≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-53804 [MEDIUM] CWE-200 CVE-2025-53804: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized at
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
cvelistv5nvd
CVE-2025-54107MEDIUMCVSS 4.3≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54107 [MEDIUM] CWE-41 CVE-2025-54107: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2025-53810MEDIUMCVSS 6.7≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-53810 [MEDIUM] CWE-843 CVE-2025-53810: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-53803MEDIUMCVSS 5.5≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-53803 [MEDIUM] CWE-209 CVE-2025-53803: Generation of error message containing sensitive information in Windows Kernel allows an authorized
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
cvelistv5nvd
CVE-2025-53799MEDIUMCVSS 5.5≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-53799 [MEDIUM] CWE-908 CVE-2025-53799: Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclo
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
cvelistv5nvd
CVE-2025-53808MEDIUMCVSS 6.7≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-53808 [MEDIUM] CWE-843 CVE-2025-53808: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-54109MEDIUMCVSS 6.7≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54109 [MEDIUM] CWE-843 CVE-2025-54109: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-54915MEDIUMCVSS 6.7≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54915 [MEDIUM] CWE-843 CVE-2025-54915: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-54104MEDIUMCVSS 6.7≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54104 [MEDIUM] CWE-843 CVE-2025-54104: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-54101MEDIUMCVSS 4.8≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54101 [MEDIUM] CWE-416 CVE-2025-54101: Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-54917MEDIUMCVSS 4.3≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54917 [MEDIUM] CWE-693 CVE-2025-54917: Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a sec
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2025-54094MEDIUMCVSS 6.7≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-54094 [MEDIUM] CWE-843 CVE-2025-54094: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-55226MEDIUMCVSS 6.7≥ 10.0.10240.0, < 10.0.10240.211282025-09-09
CVE-2025-55226 [MEDIUM] CWE-362 CVE-2025-55226: Concurrent execution using shared resource with improper synchronization ('race condition') in Graph
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-55230HIGHCVSS 7.8≥ 10.0.10240.0, < 10.0.10240.210732025-08-21
CVE-2025-55230 [HIGH] CWE-822 CVE-2025-55230: Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to eleva
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-55229MEDIUMCVSS 5.3≥ 10.0.10240.0, < 10.0.10240.210142025-08-21
CVE-2025-55229 [MEDIUM] CWE-347 CVE-2025-55229: Improper verification of cryptographic signature in Windows Certificates allows an unauthorized atta
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
cvelistv5nvd
CVE-2025-53766CRITICALCVSS 9.8≥ 10.0.10240.0, < 10.0.10240.211002025-08-12
CVE-2025-53766 [CRITICAL] CWE-122 CVE-2025-53766: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a ne
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-53145HIGHCVSS 8.8≥ 10.0.10240.0, < 10.0.10240.211002025-08-12
CVE-2025-53145 [HIGH] CWE-843 CVE-2025-53145: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an a
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-53789HIGHCVSS 7.8≥ 10.0.10240.0, < 10.0.10240.210732025-08-12
CVE-2025-53789 [HIGH] CWE-306 CVE-2025-53789: Missing authentication for critical function in Windows StateRepository API allows an authorized att
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
cvelistv5nvd