325 matches found
CVE-2026-58544
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally...
CVE-2026-58544
CVE-2026-58544 (Windows Management Services) is a use-after-free vulnerability that enables local privilege escalation by an authorized user. Public references in the initial data indicate an elevated-privilege impact (CVE-2026-58544) with a CVSS v3.1 base score of 7.0 (LOCAL, HIGH impact to conf...
CVE-2026-7539
A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability...
CVE-2026-7539
Technical details about CVE-2026-7539 are not publicly available in the provided documents. Monitor for updates from HP and CVE records for affected products, affected components, and fixes.
PT-2026-52085
Name of the Vulnerable Software and Affected Versions HP Accessory WMI Provider installer affected versions not specified Description A security issue exists in the HP Accessory WMI Provider installer used for certain HP Docking Stations. This flaw could allow an attacker to achieve escalation of...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/server/service to...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/v4/server/service t...
CVE-2026-24899 Fleet Windows MDM Azure AD JWT Authentication Bypass
Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not...
CVE-2026-23998
CVE-2026-23998 affects Fleet open-source device management software, specifically the Windows MDM management endpoint. A vulnerability in the endpoint could allow requests without proper client certificate validation to be processed as trusted, enabling an attacker who knows a valid enrolled devi...
CVE-2026-23998 Fleet has a Windows MDM management endpoint authentication bypass
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...
Fleet has a Windows MDM management endpoint authentication bypass
Summary A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Impact...
[SECURITY] Fedora 44 Update: kf6-kwindowsystem-6.25.0-1.fc44
KDE Frameworks Tier 1 integration module that provides classes for managing a nd working with windows...
CVE-2026-20930
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Management Services allows an authorized attacker to elevate privileges locally...
EUVD-2026-22353
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Management Services allows an authorized attacker to elevate privileges locally...
CVE-2026-20930
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Management Services allows an authorized attacker to elevate privileges locally...
CVE-2026-20930
CVE-2026-20930 – Windows Management Services Elevation of Privilege is a confirmed issue: a race condition due to improper synchronization in Windows Management Services can allow an authorized local attacker to elevate privileges. The concurrent-execution flaw affects Windows Management Services...
CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability
...
CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability
...