545 matches found
CVE-2026-26154
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-22612
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally...
EUVD-2026-22376
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network...
CVE-2026-32224
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally...
CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
...
CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
...
CVE-2026-26174
CVE-2026-26174 is a race-condition vulnerability in Windows Server Update Services (WSUS) that enables a locally authenticated attacker to achieve elevation of privileges. The issue is described as concurrent execution using a shared resource with improper synchronization. Multiple connected docu...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-59287 — WSUS Unauthenticated RCE Purple team exercis...
January 17, 2026—KB5077792 (OS Build 25398.2096) Out-of-band
January 17, 2026—KB5077792 OS Build 25398.2096 Out-of-band This out-of-band update for Windows Server 23H2 KB5077792 is cumulative. It includes updates from previous security, along with an additional fix. To learn more about differences between security updates, optional non-security preview...
CVE-2026-20856
CVE-2026-20856 is a Windows Server Update Services (WSUS) remote code execution vulnerability caused by improper input validation. Exploitation is possible over a network with no user interaction; CVSSv3.1 base score 8.1 (High). Public references note this is addressed by January 2026 security up...
PT-2026-2701
Name of the Vulnerable Software and Affected Versions Windows Server Update Service affected versions not specified Description A flaw in input validation within Windows Server Update Service could allow a remote attacker to execute code on the network. This could lead to arbitrary code execution...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-59287 ⚠ This tool is created solely for educatio...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-59287 ⚠ This tool is created solely for education...
Exploit for Deserialization of Untrusted Data in Microsoft
🚨 ALERTA CRÍTICA DE CIBERSEGURIDAD: RCE en WSUS CVE-2025-5928...
Exploit for CVE-2025-59287
In this study, we will examine a critical vulnerability CVE-202...
📄 Microsoft Windows Server Update Services Remote Code Execution
This is a proof of concept exploit for Microsoft Windows Server Update Services that leverages an unsafe deserialization of untrusted data in WSUS's AuthorizationCookie handling. This file demonstrates payload generation in C. using System; using System.IO; using System.Security.Cryptography; usi...
CVE-2025-59287
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network...
EUVD-2025-34268
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network...
CVE-2025-59287
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network...
CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
...