506 matches found
CVE-2026-50434
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-50430
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-50363
Heap-based buffer overflow in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-50339
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-50363
CVE-2026-50363 is a Windows Push Notifications elevation-of-privilege vulnerability characterized by a heap-based buffer overflow. An authorized, local attacker could escalate privileges. Microsoft has released updates addressing this (e.g., KB5095051 and MSRC/MSVC advisories) and recommends appl...
CVE-2026-50363 Windows Push Notifications Elevation of Privilege Vulnerability
...
CVE-2026-50363 Windows Push Notifications Elevation of Privilege Vulnerability
...
CVE-2026-44800 Windows Push Notifications Elevation of Privilege Vulnerability
...
CVE-2026-44800
CVE-2026-44800 concerns a race condition in Windows Push Notifications caused by improper synchronization of a shared resource. This vulnerability enables an authorized, local attacker to achieve privilege elevation. Documented impact is Local, with Confidentiality, Integrity, and Availability al...
CVE-2026-44800 Windows Push Notifications Elevation of Privilege Vulnerability
...
Windows Push Notifications Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
PT-2026-58346
Name of the Vulnerable Software and Affected Versions Windows Push Notifications affected versions not specified Description A heap-based buffer overflow exists in Windows Push Notifications. This flaw allows an authorized attacker to elevate privileges locally. A heap-based buffer overflow occur...
KLA91153 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...
PT-2026-58328
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description Windows Push Notifications contain a flaw that allows an authorized attacker to locally disclose sensitive information. This issue results in the exposure of push-notification data to...
PT-2026-58126
Name of the Vulnerable Software and Affected Versions Windows Push Notifications affected versions not specified Description A race condition exists in Windows Push Notifications, where concurrent execution using a shared resource with improper synchronization allows an authorized attacker to...
CVE-2026-55762
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication authRequired: true but performs no authorization check. Any authenticated user —...
CVE-2026-55762 Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication authRequired: true but performs no authorization check. Any authenticated user —...
CVE-2026-55762
Rocket.Chat CVE-2026-55762 concerns an unauthenticated mis-authorization on POST /api/v1/fingerprint. Prior to fixed versions, authenticated users could call the endpoint with {"setDeploymentAs": "new-workspace"} to permanently deregister the workspace from Rocket.Chat Cloud, wiping cloud credent...
CVE-2026-55762 Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication authRequired: true but performs no authorization check. Any authenticated user —...