4863 matches found
CVE-2026-42983
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42978
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
CVE-2026-0268
Prisma Access Agent for Linux contains a local authentication bypass that enables a local attacker to route traffic outside the VPN tunnel. The issue is limited to Linux; Windows, macOS, iOS, Android, and ChromeOS variants are not affected. The CVE entry notes a local attack vector with low privi...
EUVD-2026-35527
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
EUVD-2026-35657
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
CVE-2026-48583
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-45476
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-44811
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42902
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally...
EUVD-2026-35761
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42983
CVE-2026-42983 is a Windows vulnerability described across multiple sources as a use-after-free in the DWM Core Library that allows an authorized, local attacker to elevate privileges. The issue is identified consistently in Microsoft’s MSRC page and NVD records; no public exploit details or defa...
CVE-2026-44811
CVE-2026-44811 refers to a use-after-free in the Windows DWM Core Library that enables a locally authenticated attacker to elevate privileges. Confirmed across multiple sources (NVD/MSRC/CVE listings). The vulnerability is described as a local, high-impact elevation of privilege with a CVSS v3.1 ...
CVE-2026-44805
CVE-2026-44805: Use-after-free in Windows Network Controller (NC) Host Agent enables an authorized local attacker to cause denial of service. Affected component is the Windows Network Controller Host Agent; underlying cause is use-after-free. CVSSv3.1 base score 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I...
CVE-2026-42977
CVE-2026-42977 describes a race condition in Windows Push Notifications caused by improper synchronization of a shared resource. This vulnerability enables an authorized, local attacker to elevate privileges. The CVSS 3.1 base score is 7.8 (HIGH) with Local attack vector, high complexity, and req...
CVE-2026-42916
The CVE-2026-42916 entry describes an Integer underflow in the Windows NT OS Kernel that enables local privilege escalation for an authorized attacker. Affected: Windows NT OS Kernel (kernel-level component). Root cause: wrap/underflow during arithmetic in the kernel. Impact: high across confiden...
EUVD-2026-35569
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-45637
CVE-2026-45637 is a use-after-free vulnerability in Windows DWM Core Library that permits a locally authenticated attacker to achieve elevation of privileges. The underlying flaw is a use-after-free condition in the DWM Core Library, enabling an attacker with low privileges and no user interactio...
EUVD-2026-35561
Access of resource using incompatible type 'type confusion' in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
EUVD-2026-35547
Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...