366505 matches found
CVE-2026-44815
CVE-2026-44815 is a stack-based buffer overflow in the Windows DHCP Client that enables remote code execution over the network. Affected component: Windows DHCP Client; root cause is a stack-based overflow. Consequences are remote code execution with high impact, as indicated by the CVSS vector (...
CVE-2026-44807
CVE-2026-44807 is a Windows vulnerability affecting the DWM Core Library, described as a use-after-free condition that enables local privilege escalation for an attacker with low privileges and no user interaction. The CVSS 3.1 base score is 7.8 (HIGH); vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...
CVE-2026-44799
This CVE (CVE-2026-44799) describes a heap-based buffer overflow in the Remote Desktop Client that allows an unauthorized attacker to execute code remotely over a network . The connected records corroborate a network-based, remote code execution vulnerability affecting the Remote Desktop Client, ...
CVE-2026-44811
CVE-2026-44811 refers to a use-after-free in the Windows DWM Core Library that enables a locally authenticated attacker to elevate privileges. Confirmed across multiple sources (NVD/MSRC/CVE listings). The vulnerability is described as a local, high-impact elevation of privilege with a CVSS v3.1 ...
CVE-2026-44808
Affects: Windows DWM Core Library. Issue: Use-after-free in DWM Core Library leading to local privilege escalation by an authorized attacker. Impact: CVSS 3.1 base score 7.8 (HIGH) with LOCAL exploit, low attack complexity, and privileges required. Root cause: use-after-free vulnerability. Exploi...
CVE-2026-42992
CVE-2026-42992 describes a heap-based buffer overflow in the Remote Desktop Client that could allow an unauthenticated attacker to execute code over the network. The vulnerability affects the Remote Desktop Client as described across multiple sources (NVD, CVE listings, and Microsoft’s advisory)....
CVE-2026-44805
CVE-2026-44805: Use-after-free in Windows Network Controller (NC) Host Agent enables an authorized local attacker to cause denial of service. Affected component is the Windows Network Controller Host Agent; underlying cause is use-after-free. CVSSv3.1 base score 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I...
CVE-2026-44810
CVE-2026-44810: Improper authentication in Windows Cryptographic Services allows a local attacker to elevate privileges. Affected: Windows Cryptographic Services. Impact: HIGH (CVSS 3.1 base 8.4) with local attack, no user interaction required; confidentiality, integrity, and availability are HIG...
CVE-2026-42989
Winlogon Elevation of Privilege (CVE-2026-42989) is caused by improper link resolution before file access ("link following"). This vulnerability allows an authorized, local attacker to gain higher privileges. Affected: Winlogon component on Windows; impact is local privilege escalation with a CVS...
CVE-2026-44809
The vulnerability CVE-2026-44809 involves use-after-free in the Windows Common Log File System (CLFS) Driver. An authorized local attacker can elevate privileges. The data provided does not specify affected Windows versions, patch details, or remediation steps. No exploit specifics are documented...
CVE-2026-42979
CVE-2026-42979 describes a race condition in Windows Push Notifications due to improper synchronization on a shared resource, enabling a locally authenticated attacker to elevate privileges. The vulnerability is characterized by local access, high impact on confidentiality, integrity, and availab...
CVE-2026-42991
CVE-2026-42991 describes a race condition in Windows Push Notifications arising from improper synchronization of a shared resource. This yields local privilege escalation for an authorized attacker. The CVSS v3.1 metrics indicate local attack vector, high impact on confidentiality, integrity, and...
CVE-2026-42977
CVE-2026-42977 describes a race condition in Windows Push Notifications caused by improper synchronization of a shared resource. This vulnerability enables an authorized, local attacker to elevate privileges. The CVSS 3.1 base score is 7.8 (HIGH) with Local attack vector, high complexity, and req...
CVE-2026-42978
CVE-2026-42978: A race condition due to improper synchronization in Windows Push Notifications leads to local privilege escalation for an authorized attacker. The CVSSv3.1 base score is 7.8 (LOCAL, HIGH impact on confidentiality, integrity, and availability) with HIGH attack complexity and LOW pr...
CVE-2026-42986
CVE-2026-42986 describes a use-after-free in the Microsoft Graphics Component that allows an authorized attacker to elevate privileges locally. Affected: Microsoft Graphics Component; vulnerability class: use-after-free leading to local privilege escalation. Root cause as stated: after-free condi...
CVE-2026-42981
The provided documents identify CVE-2026-42981 as a Windows Performance Monitor remote code execution vulnerability caused by an integer underflow (wrap/wraparound). The issue is exploitable over the network without user interaction and with no privileges required (AV:N/PR:N/UI:N), as indicated b...
CVE-2026-42974
CVE-2026-42974 affects Windows Performance Monitor. The issue is an Integer underflow (wrap/wraparound) in a component used by Performance Monitor, enabling a remote attacker to execute code over a network. Exploitation details are not provided in the documents; the CVSS base score is 8.1 (Networ...
CVE-2026-42973
Technical details (affected software, conditions, exploitability, and remediation) are not publicly available in the provided documents; monitor for updates.
CVE-2026-42984
CVE-2026-42984 relates to a use-after-free in the Windows Kernel enabling an authorized local attacker to elevate privileges. Affected component: Windows Kernel. Underlying cause: use-after-free (exact technical details not provided here). Impact: local privilege elevation with high confidentiali...
CVE-2026-42971
CVE-2026-42971 involves a use of an uninitialized resource in Windows Push Notifications, enabling a locally authenticated attacker to disclose information. Affected component: Windows Push Notifications. Root cause: use of an uninitialized resource. Impact: local information disclosure with Conf...
CVE-2026-42970
CVE-2026-42970 involves Windows Push Notifications and is caused by the use of an uninitialized resource , enabling an authorized attacker to locally disclose information. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) yields a base score of 5.5 (Medium) with high confidentiality impac...
CVE-2026-42972
CVE-2026-42972 describes a Windows Hyper-V information disclosure vulnerability. The issue allows a locally authenticated attacker (low privileges) to disclose sensitive information due to exposure of information to an unauthorized actor. CVSS 3.1/Local, Low complexity, Privileges Low, Confidenti...
CVE-2026-42969
Technical details about CVE-2026-42969 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-42968
CVE-2026-42968 describes an out-of-bounds read vulnerability in Windows Telephony Service that allows an authorized, local attacker to disclose information. Root cause: bound-checking deficiency in the Telephony Service component. Impact: confidentiality impact high with local access and no user ...
CVE-2026-42914
Technical details are not publicly available in the provided documents. Monitor for updates from official sources.
CVE-2026-42915
CVE-2026-42915 affects Windows TCP/IP. The issue arises from an incorrect calculation of a buffer size in the TCP/IP stack, enabling an authenticated attacker on an adjacent network to cause a denial of service. In the supplied documents, the description clearly states the root cause and the impa...
CVE-2026-42912
The CVE-2026-42912 entry concerns a race condition in the Windows Telephony Service caused by improper synchronization. A local, low-privilege attacker could exploit this vulnerability to elevate privileges on the host (CVSSv3.1: 7.0, HIGH). Affected component: Windows Telephony Service. Root cau...
CVE-2026-42913
The CVE-2026-42913 entry describes a heap-based buffer overflow in the Remote Desktop Client leading to remote code execution over a network with High severity (CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Affected component is the Remote Desktop Client; underlying cause is a heap-based overfl...
CVE-2026-42911
CVE-2026-42911 describes a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock. The issue permits an authorized local attacker to elevate privileges. The documented impact is local privilege elevation with high severity (CVSSv3.1: AV=L/AC=H/PR=L/UI=N/S=U/C=H/I=H/A=H,...
CVE-2026-42916
The CVE-2026-42916 entry describes an Integer underflow in the Windows NT OS Kernel that enables local privilege escalation for an authorized attacker. Affected: Windows NT OS Kernel (kernel-level component). Root cause: wrap/underflow during arithmetic in the kernel. Impact: high across confiden...
CVE-2026-42909
CVE-2026-42909 involves a heap-based buffer overflow in the Remote Desktop Client that enables a remote attacker to execute code over the network. The vulnerability arises from improper handling of data during remote desktop operations, leading to memory corruption. The CVSS-3.1 vector (AV:N/AC:H...
CVE-2026-42980
The CVE-2026-42980 entry describes an integer underflow (wrap or wraparound) in the Windows NT OS Kernel that allows an authorized, local attacker to elevate privileges. Affected component: Windows NT OS Kernel; root cause: numeric underflow leading to improper bounds/flow control, enabling privi...
CVE-2026-42908
The CVE-2026-42908 entry describes an Out-of-bounds read in Windows Remote Desktop Protocol (RDP) that enables an unauthenticated attacker to disclose information over the network. Affected component is Windows RDP; the underlying fault is an out-of-bounds read, leading to information disclosure....
CVE-2026-42907
Technical details (affected software, component, root cause, impact and remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-42906
CVE-2026-42906 is a Windows Shell information-disclosure vulnerability. The Windows Shell component exposes sensitive information to an unauthorized actor via a local attack with low privileges required and no user interaction. The impact is confidentiality loss (C:H) while integrity/availability...
CVE-2026-42905
The CVE-2026-42905 entry describes a use-after-free vulnerability in the Windows DWM Core Library that allows an authorized attacker to escalate privileges locally. Affected component: Windows DWM Core Library. Root cause: use-after-free condition leading to local privilege escalation. Impact: el...
CVE-2026-42903
Windows Kerberos in Windows is affected by CVE-2026-42903, a null pointer dereference that can be exploited by an authorized attacker over the network to cause a denial of service. The CVSS data indicates network access with low attack complexity, low privileges required, no user interaction, and...
CVE-2026-42904
CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...
CVE-2026-42836
CVE-2026-42836: A race condition due to improper synchronization in the Windows Function Discovery Service (fdwsd.dll) enables a locally authenticated attacker to escalate privileges. The issue is described as a concurrency problem with a shared resource. Affected component: Function Discovery Se...
CVE-2026-42837
CVE-2026-42837 describes a buffer over-read in the Windows Projected File System Filter Driver that allows an authenticated local attacker to elevate privileges. The affected component is the Windows Projected File System Filter Driver; root cause is a buffer over-read within the filter driver. T...
CVE-2026-50507
CVE-2026-50507 concerns a Protection mechanism failure in Windows BitLocker that allows an unauthorized attacker to bypass a security feature via a physical attack . The connected documents corroborate a vulnerability affecting Windows BitLocker, with a CVSS v3.1 base score of 6.8 (Medium). The a...
CVE-2026-49160
The CVE-2026-49160 entry concerns HTTP.sys with an HTTP/2 resource consumption flaw leading to unauthenticated denial of service over the network. Exploitation details, affected versions or specific component paths aren’t provided in the connected documents. The NVD/MSRC entries confirm an uncont...
CVE-2026-48574
CVE-2026-48574 is a Windows Media vulnerability described as a heap-based buffer overflow that allows an unauthorized attacker to execute code locally. The cited CVSS 3.1 vector (LOCAL, HIGH impact on confidentiality, integrity, and availability; user interaction required; no privileges required)...
CVE-2026-48565
Windows Narrator Braille contains an untrusted search path vulnerability that can elevate privileges locally for an authorized user. Root cause is an untrusted search path in the Narrator Braille component, with an attacker able to exploit it without user interaction. CVSSv3.1 metrics indicate AV...
CVE-2026-48569
CVE-2026-48569 affects Visual Studio Code. It is caused by improper input validation in the editor, enabling a local attacker to bypass a security feature. CVSSv3.1: LOCAL attack vector, HIGH impact on confidentiality, LOW on integrity, NONE on availability; user interaction required. Details in ...
CVE-2026-48562
Summary: CVE-2026-48562 affects Microsoft Office SharePoint Server. It describes improper neutralization of input during web page generation, causing cross-site scripting that could enable an authorized attacker to perform spoofing over a network. The associated metrics assign a CVSS v3.1 base sc...
CVE-2026-47656
CVE-2026-47656 involves a vulnerability in Windows Boot Manager described as a protection mechanism failure that allows an authorized attacker to locally bypass a security feature. The associated CVSS 3.1 metrics indicate: Local attack vector, Low attack complexity, High privileges required, No u...
CVE-2026-48560
CVE-2026-48560 is documented as a cross-site scripting vulnerability in Microsoft Office SharePoint/SharePoint Server. The underlying issue is improper neutralization of input during web page generation, enabling an authorized attacker to spoof over a network. Affected product portions are ShareP...
CVE-2026-45484
This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...
CVE-2026-45481
CVE-2026-45481 is a cross-site scripting vulnerability in Microsoft Office SharePoint arising from improper input neutralization during web page generation. The issue can allow an authorized attacker to perform spoofing over a network. According to the available records, the affected component is...