26307 matches found
CVE-2026-50356
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally...
CVE-2026-49807
Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally...
CVE-2026-50295
Improper privilege management in Microsoft Windows DNS allows an authorized attacker to bypass a security feature locally...
CVE-2026-49184
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally...
CVE-2026-49171
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally...
CVE-2026-0515
The CVE-2026-0515 entry documents insufficient parameter validation in the SchedGet() system call of the QNX Neutrino kernel, potentially allowing a locally privileged attacker to crash the kernel. Affected products include QNX Software Development Platform and QNX OS for Safety, though no explic...
kernel: exit: prevent preemption of oopsing TASK_DEAD task
A flaw was found in the Linux kernel. During the exit process of a task that has encountered an error, the system can incorrectly allow the task to be interrupted. This can lead to improper management of the task's memory, potentially causing memory corruption. Such an issue could allow a local...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
A flaw was found in the Linux kernel's xfrm IPSec framework subsystem. This vulnerability, a use-after-free, occurs when the system incorrectly manages memory related to security policies, specifically during the deletion of xfrmstate lists. An attacker with local access could exploit this flaw b...
CVE-2026-50364
Technical details (affected product/version, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50303
CVE-2026-50303 describes a vulnerability in Windows Key Guard where use of a cryptographic primitive with a risky implementation enables an authorized local attacker to bypass a security feature. Affected component: Windows Key Guard cryptographic handling; root cause: risky implementation of the...
CVE-2026-49808
The CVE-2026-49808 entry describes a race condition in the Windows kernel caused by concurrent execution on a shared resource with improper synchronization. An authorized local attacker can elevate privileges, as indicated by the description and CVSS vector (Local attack, High impact to confident...
CVE-2026-49798
CVE-2026-49798 is a Windows Kernel use-after-free vulnerability that enables local privilege escalation. The root cause is use-after-free in kernel code, allowing an unauthenticated attacker with local access to elevate privileges. Affected component details are limited in the provided documents;...
CVE-2026-56193
CVE-2026-56193 describes an out-of-bounds read in Microsoft Office that allows a local attacker to disclose information. The available records indicate a high-severity impact (Confidentiality and Availability) with local access and user interaction required, but no explicit details on affected Of...
CVE-2026-54997
Public technical details are not provided in the supplied documents for CVE-2026-54997. No specifics on affected products, versions, root cause, or remediation are available here. Monitor for updates from official sources.
CVE-2026-54996
CVE-2026-54996 describes a race condition in the Windows USB Print Driver caused by concurrent access to a shared resource with improper synchronization. An authorized local attacker could elevate privileges. The entry provides CVSS 3.1 base score 7.0 (High) with local attack vector, high impact ...
CVE-2026-55001
CVE-2026-55001 affects Windows Active Directory / Active Directory Domain Services. The root cause is improper certificate validation within AD, enabling an authorized attacker to achieve local privilege escalation. CVSS 3.1 base score 7.8 (Local, Low complexity, Privileges Required: Low; User In...
CVE-2026-54112
CVE-2026-54112 affects Windows Win32K. The issue is a race condition caused by concurrent execution on a shared resource due to improper synchronization, enabling a locally authenticated user to elevate privileges. The base score is 7.8 (HIGH) with LOCAL attack vector, requiring LOW privileges an...
Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability
Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally...
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an authorized attacker to elevate privileges locally...