39 matches found
CVE-2026-44470
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from...
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from...
CVE-2025-14740 Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
CVE-2025-14740 Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
PT-2026-5881
Name of the Vulnerable Software and Affected Versions Docker Desktop for Windows affected versions not specified Description Docker Desktop for Windows has permission assignment issues in the installer’s handling of the C:ProgramDataDockerDesktop directory. The installer does not properly verify...
CVE-2026-20871 Desktop Window Manager Elevation of Privilege Vulnerability
...
Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally...
Docker Desktop for Windows < 4.49.0 Privilege Escalation (CVE-2025-9164)
The version of Docker Desktop for Windows installed on the remote host is prior to 4.49.0. It is, therefore, affected by a privilege escalation vulnerability: - Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs i...
CVE-2025-55681 Desktop Window Manager Elevation of Privilege Vulnerability
...
CVE-2025-55681 Desktop Window Manager Elevation of Privilege Vulnerability
...
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to childprocess.exec without validation, leading to...
PT-2025-35802
Name of the Vulnerable Software and Affected Versions: Figma Desktop versions 125.6.5 Description: Figma Desktop for Windows version 125.6.5 contains a command injection issue in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin'...
Exploit for CVE-2025-9074
CVE-2025-9074 – Docker Desktop Windows Container→Host Write...
May 13, 2025—KB5058385 (OS Build 20348.3692)
May 13, 2025—KB5058385 OS Build 20348.3692 For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows Server 2022, see its update history page. Be sure to follow @WindowsUpdate to find out when new content is...
CVE-2025-50153
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally...
CVE-2025-53152 Desktop Windows Manager Remote Code Execution Vulnerability
...
CVE-2025-53152
CVE-2025-53152 is a local-use-after-free vulnerability in the Desktop Window Manager (DWM) of Windows that enables an authenticated attacker to execute code locally. The CVSS v3.1 score indicates local access with low privileges and no user interaction, but high impact to confidentiality, integri...
CVE-2025-50153 Desktop Window Manager Elevation of Privilege Vulnerability
...
PT-2025-32817 · Microsoft · Desktop Windows Manager +1
Name of the Vulnerable Software and Affected Versions: Desktop Windows Manager affected versions not specified Description: A use after free issue exists in Desktop Windows Manager that could allow an authorized attacker to execute code locally. Recommendations: At the moment, there is no...