247 matches found
EUVD-2026-10637
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
CVE-2026-25171
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
Windows Authentication Elevation of Privilege Vulnerability
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
PT-2026-24298
A vulnerability in the Windows Authentication component of Windows operating systems is associated with the use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to elevate their privileges...
Where Multi-Factor Authentication Stops and Credential Abuse Starts
Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but...
Changing IDExpert Windows Logon Agent Security Vulnerability
Changing IDExpert Windows Logon Agent is an identity authentication client software developed by Changing, a company based in Taiwan, China. This software is designed to enhance security during Windows login processes. Changing IDExpert Windows Logon Agent contains a security vulnerability that...
CVE-2026-21249
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...
Microsoft NTLM Security Vulnerability
Microsoft NTLM is an authentication protocol used by Microsoft on networks that include systems running the Windows operating system, as well as standalone systems. There are security vulnerabilities in Microsoft NTLM. Attackers exploit these vulnerabilities to carry out phishing attacks. The...
CVE-2026-25228
Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...
CVE-2026-20872
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-20925
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-20872
CVE-2026-20872 affects Windows NTLM: external control of a file name or path allows an attacker to spoof authentication over the network. The description states this vulnerability and related references indicate a Windows NTLM spoofing risk. The connected Nessus/NCSC/EUVD/NVD entries confirm the ...
CVE-2021-22048
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group...
CVE-2025-59775
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...