Microsoft Windows App vulnerabilities

9 known vulnerabilities affecting microsoft/windows_app.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 2

Vulnerabilities

CVE-2026-23656 | MEDIUM | CVSS 5.9 | fixed in 2.0.964.0 | 2026-03-10
CVE-2026-23656 [MEDIUM] CWE-345: Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2026-21517 | HIGH | CVSS 7.0 | fixed in 11.3.2 | 2026-02-10
CVE-2026-21517 [MEDIUM] CWE-59: Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-58718 | HIGH | CVSS 8.8 | fixed in 2.0.706.0 | 2025-10-14
CVE-2025-58718 [HIGH] CWE-416: Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-48817 | HIGH | CVSS 8.8 | fixed in 2.0.559.0 | 2025-07-08
CVE-2025-48817 [HIGH] CWE-23: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-32715 | MEDIUM | CVSS 6.5 | fixed in 2.0.505.0 | 2025-06-10
CVE-2025-32715 [MEDIUM] CWE-125: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2025-29966 | HIGH | CVSS 8.8 | fixed in 2.0.420 | 2025-05-13
CVE-2025-29966 [HIGH] CWE-122: Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-27487 | HIGH | CVSS 8.0 | fixed in 2.0.379.0 | 2025-04-08
CVE-2025-27487 [HIGH] CWE-122: Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
nvd
CVE-2025-26645 | HIGH | CVSS 8.8 | fixed in 2.0.365.0 | 2025-03-11
CVE-2025-26645 [HIGH] CWE-23: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2024-49105 | HIGH | CVSS 8.4 | fixed in 2.0.327.0 | 2024-12-12
CVE-2024-49105 [HIGH] CWE-284: Remote Desktop Client Remote Code Execution Vulnerability
nvd