Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
Win32k Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...
Windows Hello Tampering Vulnerability
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
Windows Admin Center Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally...
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally...
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally...
Microsoft Excel Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Office Click-To-Run Remote Code Execution Vulnerability
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally...
Windows Management Services Elevation of Privilege Vulnerability
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally...
Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally...
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
Microsoft Windows File Explorer Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...
Windows Kernel Information Disclosure Vulnerability
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally...
Windows Kerberos Information Disclosure Vulnerability
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally...
Windows Remote Assistance Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally...
Windows Installer Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Windows Installer allows an authorized attacker to elevate privileges locally...
Windows Kernel Memory Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally...
Windows File Explorer Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally...
Microsoft SQL Server Elevation of Privilege Vulnerability
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...
Secure Boot Certificate Expiration Security Feature Bypass Vulnerability
Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes...
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally...
filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
...
virtualenv Has TOCTOU Vulnerabilities in Directory Creation
...
mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
...
Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS
...
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
...
Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls
...
Wget2: arbitrary file write via metalink path traversal in gnu wget2
...
CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
...
hv_netvsc: Fix panic during namespace deletion with VF
...
benet: fix BUG when creating VFs
...
Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
...
urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
...
bearer token leak on cross-protocol redirect
...
broken TLS options for threaded LDAPS
...
CVE-2025-13151
...
smb: client: fix use-after-free in crypt_message when using async crypto
...
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network...
block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock
...
backlight: led-bl: Add devlink to supplier LEDs
...
drm/vgem-fence: Fix potential deadlock on release
...
crypto: starfive - Correctly handle return of sg_nents_for_len
...
irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
...
wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
...
ALSA: firewire-motu: add bounds check in put_user loop for DSP events
...
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
...
staging: most: remove broken i2c driver
...