CVE-2026-21525

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally...

CVE-2026-21508

Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally...

CVE-2026-21245

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...

CVE-2026-21241

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-21239

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...

CVE-2026-21234

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally...

CVE-2026-21246

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...

CVE-2025-35998

Missing protection mechanism for alternate hardware interface in the IntelR Quick Assist Technology for some IntelR Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of...

CVE-2025-31944

Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack...

CVE-2025-35998

The CVE-2025-35998 entry concerns Intel’s Quick Assist Technology. A missing protection mechanism for an alternate hardware interface in Intel Quick Assist on certain Intel platforms can allow a local, privilege escalation from Ring 0. The attack would require a privileged user, low complexity, n...

CVE-2025-25210

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This...

CVE-2025-15572

A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer a...

CVE-2025-15572

A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer a...

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

Windows NTLM Spoofing Vulnerability

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

Windows Subsystem for Linux Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...

Windows Graphics Component Elevation of Privilege Vulnerability

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...

CVE-2025-15572

wasm3 up to 0.5.0 contains a local vulnerability in the NewCodePage function that leads to a memory leak. The issue is exploitable locally, with an exploit publicly disclosed. There is currently no active maintainer for the project. The provided metrics indicate partial availability impact and lo...

CVE-2025-15571 ckolivas lrzip stream.c ucompthread null pointer dereference

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed public...

CVE-2025-15570

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzmadecompressbuf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...