5024 matches found
CVE-2026-25176
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-25171
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
CVE-2026-24295
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Device Association Service allows an authorized attacker to elevate privileges locally...
CVE-2026-24291
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to elevate privileges locally...
CVE-2026-23671
CVE-2026-23671 is a Windows Bluetooth RFCOM Protocol Driver elevation of privilege vulnerability. A locally exposed issue could allow an attacker with low privileges and no user interaction to escalate privileges via the Bluetooth stack’s RFCOM Protocol Driver; exploitation maturity is UNPROVEN. ...
Windows Graphics Component Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...
.NET Elevation of Privilege Vulnerability
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally...
Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network
Server-Side Request Forgery SSRF in Azure MCP Server allows an authorized attacker to elevate privileges over a network...
PT-2026-24303
Уязвимость драйвера Windows Ancillary Function Driver for WinSock операционных систем Windows связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии...
PT-2026-24272
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A race condition exists in the Microsoft Graphics Component due to improper synchronization when handling concurrent execution with shared resources. This allows a local attacker to...
PT-2026-24288
Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description A flaw in the Windows SMB Server authentication process can allow an authorized attacker to elevate privileges locally. The issue relates to deficiencies in the authentication...
PT-2026-24290
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Device Association Service allows an authorized attacker to elevate privileges locally...
PT-2026-24304
Name of the Vulnerable Software and Affected Versions Active Directory Domain Services affected versions not specified Description An improper restriction of names for files and other resources exists in Active Directory Domain Services, potentially allowing an authorized attacker to elevate...
KB5079466: Windows 11 Version 26H1 Security Update (March 2026)
The remote Windows host is missing security update 5079466. It is, therefore, affected by multiple vulnerabilities - Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. CVE-2026-23667 - Use after free in Windows Print Spooler Components allows an authorize...
Unspecified Vulnerability in Google Android (CNVD-2026-14652)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which originates from a logic error in the onStart function of CompanionDeviceManagerService.java, which can be exploited by an attacker to cause a local elevation of...
Microsoft Payment Orchestrator Service Access Control Error Vulnerability
Microsoft Payment Orchestrator Service is a Microsoft feature that provides cloud-native payment process automation and orchestration for the financial services industry. An Access Control Error vulnerability exists in Microsoft Payment Orchestrator Service, which stems from improper authenticati...
Google Android elevation of privilege vulnerability (CNVD-2026-13149)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from a logic error in multiple functions of KeyguardViewMediator.java, which can be exploited by an attacker to gain elevated privileges on...