4818 matches found
CVE-2026-48583
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-45476
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-44811
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42902
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally...
EUVD-2026-35761
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42983
CVE-2026-42983 is a Windows vulnerability described across multiple sources as a use-after-free in the DWM Core Library that allows an authorized, local attacker to elevate privileges. The issue is identified consistently in Microsoft’s MSRC page and NVD records; no public exploit details or defa...
CVE-2026-44811
CVE-2026-44811 refers to a use-after-free in the Windows DWM Core Library that enables a locally authenticated attacker to elevate privileges. Confirmed across multiple sources (NVD/MSRC/CVE listings). The vulnerability is described as a local, high-impact elevation of privilege with a CVSS v3.1 ...
CVE-2026-44805
CVE-2026-44805: Use-after-free in Windows Network Controller (NC) Host Agent enables an authorized local attacker to cause denial of service. Affected component is the Windows Network Controller Host Agent; underlying cause is use-after-free. CVSSv3.1 base score 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I...
CVE-2026-42977
CVE-2026-42977 describes a race condition in Windows Push Notifications caused by improper synchronization of a shared resource. This vulnerability enables an authorized, local attacker to elevate privileges. The CVSS 3.1 base score is 7.8 (HIGH) with Local attack vector, high complexity, and req...
CVE-2026-42916
The CVE-2026-42916 entry describes an Integer underflow in the Windows NT OS Kernel that enables local privilege escalation for an authorized attacker. Affected: Windows NT OS Kernel (kernel-level component). Root cause: wrap/underflow during arithmetic in the kernel. Impact: high across confiden...
EUVD-2026-35569
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-45637
CVE-2026-45637 is a use-after-free vulnerability in Windows DWM Core Library that permits a locally authenticated attacker to achieve elevation of privileges. The underlying flaw is a use-after-free condition in the DWM Core Library, enabling an attacker with low privileges and no user interactio...
EUVD-2026-35561
Access of resource using incompatible type 'type confusion' in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
EUVD-2026-35547
Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-47648
CVE-2026-47648 — Windows Storage contains an untrusted search path vulnerability that enables a locally authenticated attacker to perform privilege escalation. The issue arises from a trusted component loading an untrusted search path, potentially elevating privileges with high impact (C/H/I/H/A/...
CVE-2026-41092
CVE-2026-41092 describes an improper access control in Microsoft Kinect that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). Affected component: Kinect functionality; root cause is insuffic...
CVE-2026-45606
CVE-2026-45606 concerns an out-of-bounds read in the Microsoft UxTheme Library (uxtheme.dll) that allows an authorized, low-privilege user to cause a local denial of service. The NVD/NIST and CVE records concur on the impact as a local DoS; attack vector is LOCAL, with LOW prerequisites and NONE ...
CVE-2026-45490
CVE-2026-45490 : In .NET, improper authorization could allow an authorized local attacker to elevate privileges. Documents indicate a local attack with low privileges required and high impact on confidentiality, integrity, and availability. Exploitation details, affected versions, and a concrete ...
CVE-2026-34335
Use-after-free in the Windows Ancillary Function Driver for WinSock is the root cause of CVE-2026-34335. The vulnerability can allow an authenticated, local attacker to elevate privileges. The CVSSv3.1 score is 7.0 (High) with local attack vector, high complexity, and requires low privileges and ...
CVE-2026-46328
A flaw was found in the Linux kernel's AppArmor security module. The system's rlimit resource limit for POSIX Portable Operating System Interface CPU timers was not correctly enforced. This issue, stemming from an overlooked step in applying resource limits, could allow a local attacker to bypass...