1258584 matches found
CVE-2026-57968
The CVE-2026-57968 entry describes a Buffer over-read in Windows Subsystem for Linux (WSL2) that can enable local privilege escalation for an authorized attacker. Connected sources corroborate a kernel-level issue affecting WSL2; the base CVSS vector indicates LOCAL attack, LOW complexity, with H...
CVE-2026-57096
CVE-2026-57096 affects Windows Routing and Remote Access Service (RRAS). The issue is a heap-based buffer overflow in RRAS that allows an authorized attacker to elevate privileges locally. The CVSSv3.1 base score is 7.8 (HIGH). Exploitation details are not provided beyond local privilege escalati...
CVE-2026-57093
CVE-2026-57093 – Windows Ancillary Function Driver for WinSock is a reported use-after-free vulnerability in the WinSock ancillary function driver that can be exploited locally to achieve privilege escalation. The issue affects the specific Windows driver handling WinSock operations; successful e...
CVE-2026-57089
CVE-2026-57089 affects the Windows SMB Server Network Transport Driver (srvnet.sys). It is a use-after-free vulnerability in srvnet.sys that could allow an unauthenticated attacker to execute code remotely over a network (remote code execution). The CVSSv3.1 base score is 7.5 (HIGH) with Network ...
CVE-2026-57090
CVE-2026-57090 is a heap-based buffer overflow in Microsoft Windows Media Foundation that enables remote code execution by an unauthenticated attacker over a network. The NVD entry lists a high risk (CVSSv3.1: 8.8) with network attack vector and user interaction not required. Public sources in co...
CVE-2026-56648
CVE-2026-56648 is a Windows Network File System (NFS) server vulnerability described as a time-of-check time-of-use (TOCTOU) race condition that could allow an authorized attacker to elevate privileges over the network. Public sources identify the root cause as a TOCTOU race in NFS and classify t...
CVE-2026-56188
CVE-2026-56188: A race-condition in the Windows Server Network driver (concurrent access to a shared resource) can allow an unauthenticated attacker to execute code over the network. The vulnerability affects the Windows Server Network driver and is described as a remote code execution flaw with ...
CVE-2026-56186
CVE-2026-56186 is a Windows Schannel vulnerability described as an out-of-bounds read that enables an authorized attacker to disclose information over a network. The CVE affects the Windows Schannel security component and is rated with CVSS v3.1 base score 8.1 (High) and NETWORK attack vector wit...
CVE-2026-56184
CVE-2026-56184 describes a local information disclosure in Windows Win32K, enabling an authorized attacker to disclose sensitive information locally. The NVD entry notes a medium severity (CVSS v3.1: 5.5) with local access and low attack complexity but high confidentiality impact. Public details ...
CVE-2026-56183
CVE-2026-56183 is a use-after-free vulnerability in the Windows MIDI Service Module that permits a locally authenticated attacker to achieve elevation of privileges. Affected component: Windows MIDI Service Module (CVE-2026-56183) with local attack vector and high impact (CVE described as Elevati...
CVE-2026-56190
CVE-2026-56190 is a Windows Remote Desktop Protocol vulnerability described as a use of an uninitialized resource in Windows RDP that allows an unauthenticated attacker to execute code over the network. The CVE has a very high severity (CVSSv3.1 base score 9.8, CRITICAL) and is referenced in Micr...
CVE-2026-56182
CVE-2026-56182 is a Windows NTFS elevation-of-privilege vulnerability caused by an integer overflow/wraparound in NTFS operations that can be exploited by an authorized local attacker. Public sources in the connected data corroborate the root cause and the affected component is NTFS on Windows. T...
CVE-2026-56175
CVE-2026-56175 describes a heap-based buffer overflow in Windows NTFS that allows an authorized, local attacker to elevate privileges. Connected sources (Microsoft MSRC update, NVD, NTFS/CIRCL sightings) confirm the vulnerability is in Windows NTFS, with local-privilege-escalation potential and a...
CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability
...
CVE-2026-56156
CVE-2026-56156 is a heap-based buffer overflow in Microsoft Office Excel that enables local code execution. The affected software is Microsoft Office Excel (component of Office). Root cause described as a heap-based buffer overflow allowing an attacker to run code locally; exploitation requires l...
CVE-2026-55947
CVE-2026-55947 is a Microsoft Excel vulnerability described as a heap-based buffer overflow in Microsoft Office Excel that enables local code execution. Affected product: Microsoft Office Excel (Office suite). Root cause: heap-based buffer overflow in Excel components, leading to arbitrary code e...
CVE-2026-55145
CVE-2026-55145 : Outlook Copilot is affected by a command-injection vulnerability due to improper neutralization of special elements in a command. An authorized attacker can tamper over a network, with network access, low privileges, and user interaction required; confidentiality impact is High, ...
CVE-2026-55142
Microsoft Word within Office is affected by CVE-2026-55142 due to a numeric truncation error that can disclose information locally. Exploitation is local with required user interaction; the advisory notes a security update from Microsoft as remediation. References to July 2026 Office advisories c...
CVE-2026-55140
CVE-2026-55140 is a Microsoft Office remote code execution vulnerability caused by a heap-based buffer overflow in Office components. An unauthorized attacker could exploit this locally to run arbitrary code on a vulnerable system, as described in multiple security sources. Connected documents co...
CVE-2026-55051
CVE-2026-55051 is a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Office SharePoint that allows an authorized attacker to disclose information over a network. The CVE is documented with CVSS v3.1 base score 6.5 (MEDIUM), network attack vector, low attack complexity, privileges req...