35253 matches found
CVE-2026-50656
Technical details about CVE-2026-50656 (affected components, root cause, impact specifics, remedies) are not publicly available in the provided documents. Monitor official advisories for updates.
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
...
Microsoft Defender Elevation of Privilege Vulnerability
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet "...
CVE-2026-47190
A flaw was found in the Cluster API Provider Metal3 IP Address Manager IPAM controller. The controller's ClusterRole granted excessive permissions, allowing full create, read, update, and delete CRUD access to core/v1 Secrets. If the controller pod were compromised, an attacker could leverage the...
EUVD-2026-37023
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...
PT-2026-49549
Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager version 2026.2.7 Description Improper input validation in the SSH Elevate Shell feature allows an authenticated user with permissions to create or modify a shared SSH entry to execute arbitrary commands on a...
CVE-2026-53821
OpenClaw is affected: prior to 2026.5.18, WebSocket control UI accepts client-declared operator scopes before server-approved pairing/trusted-proxy binding. This enables unpaired/restricted trusted-proxy Control UI clients to obtain cached operator.admin authority on live WebSocket connections an...
CVE-2026-53821 OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket
OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-48565
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally...
CVE-2026-45653
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-45603
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45596
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45484
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...
CVE-2026-45504
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-44810
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally...
CVE-2026-42991
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42989
Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...
CVE-2026-42912
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Telephony Service allows an authorized attacker to elevate privileges locally...
CVE-2026-42905
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...