Lucene search
+L

1176 matches found

CVE
CVE
added 2023/10/10 5:7 p.m.655 views

CVE-2023-36584

CVE-2023-36584 concerns a Windows Mark of the Web (MOTW) security feature bypass vulnerability. The MOTW bypass can cause a limited loss of integrity and availability of security features, as described by CISA KEV entries. The vulnerability is listed among known exploited vulnerabilities catalog ...

5.4CVSS7.3AI score0.03055EPSS
In wild
CVE
CVE
added 2023/03/14 4:55 p.m.608 views

CVE-2023-23415

CVE-2023-23415 is described via connected sources as an ICMP-based Remote Code Execution affecting Windows. The referenced material states that exploitation could involve sending a malicious fragmented ICMP packet to a vulnerable host bound to a raw socket, potentially enabling arbitrary code exe...

9.8CVSS9.7AI score0.03479EPSS
CVE
CVE
added 2024/08/08 1:59 a.m.605 views

CVE-2024-21302

Microsoft has fixed CVE-2024-21302 for Windows systems with Virtualization-Based Security (VBS). The elevation-of-privilege vulnerability allowed an administrator to replace current Windows system files with older versions, potentially reintroducing mitigated VBS vulnerabilities and exfiltrating ...

6.7CVSS5.8AI score0.01559EPSS
CVE
CVE
added 2025/09/09 5:1 p.m.584 views

CVE-2025-53799

CVE-2025-53799 affects the Windows Imaging Component. The vulnerability arises from use of an uninitialized resource in Imaging Component code, enabling local attackers to disclose information. The NCSC entry confirms the impact as Access to sensitive data with a CVSS-like rating around 5.5 (Medi...

5.5CVSS6.1AI score0.0073EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.580 views

CVE-2024-30051

CVE-2024-30051 is an Elevation of Privilege in the Windows Desktop Window Manager (DWM) core library dwmcore.dll. The root cause is a heap-based buffer overflow in CCommandBuffer::Initialize caused by a size miscalculation (integer division) that can overflow the heap during a heap spray, allowin...

7.8CVSS6.4AI score0.05687EPSS
In wild
CVE
CVE
added 2025/09/09 5:1 p.m.572 views

CVE-2025-53803

CVE-2025-53803 affects the Windows Kernel. Reported as: error message generation could disclose sensitive information to an authorized local attacker. According to the available connected sources, the vulnerability is categorized under Windows Kernel with a documented impact of accessing sensitiv...

5.5CVSS5.9AI score0.00606EPSS
CVE
CVE
added 2024/06/11 4:59 p.m.564 views

CVE-2024-30088

CVE-2024-30088 is a Windows Kernel TOCTOU race condition that can lead to local privilege escalation via AuthzBasepCopyoutInternalSecurityAttributes. Publicly discussed exploits and PoCs exist (Windows kernel LPE PoCs and Metasploit module), and CISA lists it as a known-exploited vulnerability; a...

7CVSS6.9AI score0.68202EPSS
In wild
CVE
CVE
added 2024/11/12 5:54 p.m.564 views

CVE-2024-38203

Technical details for CVE-2024-38203 are not publicly available in the supplied documents. No specifics on affected products, root cause, or remediation are provided here; monitor the feeds for updates from Microsoft and vulnerability trackers.

6.2CVSS5.8AI score0.00677EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.563 views

CVE-2024-26169

CVE-2024-26169 is a Windows Error Reporting Service Elevation of Privilege vulnerability (improper privilege management) that allows a local attacker with user permissions to gain SYSTEM privileges. Public exploits exist; the vulnerability has been added to CISA’s Known Exploited Vulnerabilities ...

7.8CVSS7.9AI score0.04014EPSS
In wild
CVE
CVE
added 2023/07/11 5:2 p.m.538 views

CVE-2023-32046

CVE-2023-32046 is a Windows MSHTML Platform Elevation of Privilege vulnerability. The MSHTML engine (used by Windows, Office, Outlook, etc.) contains a flaw that enables local privilege escalation when a user opens a specially crafted file delivered via email or web page. Exploitation requires us...

7.8CVSS8.7AI score0.11867EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.522 views

CVE-2023-38144

CVE-2023-38144 is a Windows elevation-of-privilege flaw in the Common Log File System (CLFS) driver . The provided description confirms a local, privilege-escalation condition affecting the Windows CLFS driver, with a CVSS v3.1 base score 7.8 (LOCAL, LOW attack complexity, LOW privileges required...

7.8CVSS7.8AI score0.05356EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.517 views

CVE-2024-49138

Summary (CVE-2024-49138): A heap-based buffer overflow in the Windows Common Log File System Driver (CLFS.sys) enables local Elevation of Privilege on Windows 11/23h2 (and other supported builds). Public PoCs and exploits exist (GitHub PoC repos and exploits referenced in multiple sources), with ...

7.8CVSS7.5AI score0.25414EPSS
In wild
CVE
CVE
added 2025/10/14 5:1 p.m.515 views

CVE-2025-59230

CVE-2025-59230 describes an improper access control flaw in the Windows Remote Access Connection Manager (RasMan). The vulnerability allows an authenticated local user to elevate privileges to SYSTEM by manipulating RasMan’s IPC handling/ACLs, as reported in multiple sources. Exploitation activit...

7.8CVSS6.5AI score0.02675EPSS
In wild
CVE
CVE
added 2023/04/11 7:13 p.m.512 views

CVE-2023-28229

CVE-2023-28229 is a Windows vulnerability in the Cryptographic Next Generation (CNG) Key Isolation Service described as a privilege-escalation flaw. The CVE entry is linked to active exploitation in practice (CISA KEV) and is categorized with a high impact vector (local access, total impact on co...

7CVSS7AI score0.01872EPSS
In wild
CVE
CVE
added 2023/08/08 5:2 p.m.509 views

CVE-2023-20569

CVE-2023-20569 concerns a side-channel vulnerability in some AMD CPUs where an attacker may influence the return-address predictor, enabling speculative execution at attacker-controlled addresses and potential information disclosure. The vulnerability is discussed across multiple connected source...

4.7CVSS6.6AI score0.0616EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.507 views

CVE-2025-21391

CVE-2025-21391 (Windows Storage Elevation of Privilege) describes a local privilege escalation in Windows Storage. The vulnerability allows an attacker with low privileges and no user interaction to elevate to SYSTEM by exploiting a link-following flaw in Windows Storage (root cause described as ...

7.1CVSS7.7AI score0.02258EPSS
In wild
CVE
CVE
added 2024/09/10 4:53 p.m.497 views

CVE-2024-38014

CVE-2024-38014 is a Windows Installer privilege-escalation vulnerability (local, CVSSv3.1: 7.8) that could allow an attacker with low privileges to gain SYSTEM-level access. The issue targets the Windows Installer component and is described in sources as an improper privilege-management flaw. Pub...

7.8CVSS8.7AI score0.06008EPSS
In wild
CVE
CVE
added 2025/03/11 4:59 p.m.495 views

CVE-2025-24071

CVE-2025-24071 affects Windows File Explorer via the .library-ms mechanism. When a user opens or extracts ZIP/RAR contents containing a crafted .library-ms, Explorer can trigger an SMB authentication to a remote server, leaking the user’s NTLM hash. No user interaction beyond extraction is requir...

6.5CVSS7.3AI score0.25068EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.488 views

CVE-2023-38161

Technical details for CVE-2023-38161 are not publicly provided in the supplied documents; no confirmed affected product/version/impact/root cause/fix are stated here. Monitor for official advisories.

7.8CVSS7.8AI score0.0075EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.485 views

CVE-2023-36036

CVE-2023-36036 is a Windows Elevation of Privilege in the Windows Cloud Files Mini Filter Driver. The flaw is a local, privilege-escalation bug (privileges required: low) that can grant SYSTEM-level access and has high impact on confidentiality, integrity, and availability. Public analyses report...

7.8CVSS8.7AI score0.1667EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.483 views

CVE-2023-38149

CVE-2023-38149 is a Windows TCP/IP Denial of Service vulnerability. The CVE entry describes a network-based issue with impact limited to Availability (I:H) and no Confidentiality/Integrity impact (C:N, I:N) per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 7.5 (HIGH). Connected docume...

7.5CVSS7.9AI score0.04323EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.482 views

CVE-2024-43573

CVE-2024-43573 is a Windows MSHTML Platform Spoofing vulnerability. Public sources confirm it affects MSHTML in Windows and that patches were released (Microsoft Update Guide). There is evidence of exploitation in the wild for MSHTML-related spoofing vulnerabilities, including references noting a...

8.1CVSS7.4AI score0.43679EPSS
In wild
CVE
CVE
added 2023/10/10 5:7 p.m.477 views

CVE-2023-35349

Technical details about CVE-2023-35349 are not publicly provided in the connected documents. The MSMQ RCE vulnerability specifics (affected products/versions, exploitability, and fixes) are not disclosed here; monitor official Microsoft advisories and CVE records for updates.

9.8CVSS9.6AI score0.02784EPSS
CVE
CVE
added 2025/10/14 5:1 p.m.476 views

CVE-2025-55695

CVE-2025-55695 describes an out-of-bounds read vulnerability in the Windows WLAN Auto Config Service that enables an authorized local attacker to disclose information. The description in the initial document confirms the root cause (out-of-bounds read) and the impact (local information disclosure...

5.5CVSS6.1AI score0.00381EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.474 views

CVE-2025-59294

CVE-2025-59294 affects Windows Taskbar Live. The description indicates exposure of sensitive information to an unauthorized actor under physical access, enabling information disclosure. Connected documents provide limited details: the exact vulnerable component context and remediation are not spe...

4.6CVSS5.8AI score0.00586EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.473 views

CVE-2025-59211

CVE-2025-59211 concerns exposure of sensitive information to an unauthorized actor in Windows Push Notification Core, enabling an attacker with local access to disclose information. The initial entry identifies a local attack vector with a medium base score (CVSS 3.1: AV=L, AC=L, PR=L, UI=N, S=U,...

5.5CVSS6.1AI score0.00567EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.472 views

CVE-2023-36804

CVE-2023-36804 is a Windows GDI elevation-of-privilege vulnerability (local, low privileges required, no user interaction) with a CVSS v3.1 base score of 7.8 (HIGH). Affected component is Windows GDI; impact is high on confidentiality, integrity, and availability. Connected sources corroborate th...

7.8CVSS7.7AI score0.01229EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.468 views

CVE-2023-38143

Technical details for CVE-2023-38143 are not publicly provided in the supplied documents. Affected product/version, root cause, exploitability, and remediation are not specified here; monitor for official disclosures and vendor advisory updates.

7.8CVSS7.8AI score0.04373EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.462 views

CVE-2023-38139

CVE-2023-38139 is a Windows kernel vulnerability tied to registry hive refcount handling, contributing to hive memory corruption. The connected docs note refcount overflow risks in CM_KEY_SECURITY descriptors (and related loader logic), describing how overflow can trigger use-after-free and enabl...

7.8CVSS7.8AI score0.01021EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.461 views

CVE-2023-38141

Technical details for CVE-2023-38141 are not provided in the connected documents. The sources discuss Windows Registry/VRegDriver context but do not specify affected products/versions, root cause, impact, or fixes for this CVE. Monitor for official disclosures.

7.8CVSS7.8AI score0.00632EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.460 views

CVE-2024-21351

CVE-2024-21351 is a Windows SmartScreen Security Feature Bypass vulnerability. Public exploits exist; attackers could bypass SmartScreen and inject code, potentially gaining code execution, exposing data, or impacting availability. Relevant advisories note active exploitation and focus on applyin...

7.6CVSS8.5AI score0.30344EPSS
In wild
CVE
CVE
added 2025/09/09 5:1 p.m.454 views

CVE-2025-54917

CVE-2025-54917 is a network-exploitable issue in Windows MapUrlToZone that enables circumvention of a security mechanism. The CVSS v3.1 base score is 4.3 (NETWORK, LOW attack complexity, NONE privileges, UI required) with a LOW confidentiality impact. The Connected documents indicate this CVE map...

4.3CVSS6.3AI score0.00842EPSS
CVE
CVE
added 2024/06/11 4:59 p.m.453 views

CVE-2024-35250

CVE-2024-35250 is a Windows kernel‑mode driver LPE in ks.sys (Kernel Streaming core) caused by an untrusted pointer dereference. PoCs and exploits exist (e.g., PoCs on GitHub; KS driver) with active demonstrations, and exploitation has been observed in public material. Microsoft addressed the iss...

7.8CVSS7.7AI score0.25222EPSS
In wild
CVE
CVE
added 2024/03/12 4:57 p.m.445 views

CVE-2024-21429

The CVE-2024-21429 entry covers a remote code execution vulnerability in the Windows USB Hub Driver. According to the description, the issue affects the USB Hub Driver and could lead to arbitrary code execution with high impact on confidentiality, integrity, and availability. Exploitation details...

6.8CVSS7.2AI score0.00904EPSS
CVE
CVE
added 2024/11/12 5:54 p.m.443 views

CVE-2024-49039

CVE-2024-49039 is a Windows Task Scheduler privilege-escalation vulnerability. An authenticated local attacker can elevate privileges outside of AppContainer and access privileged RPC functions via the Task Scheduler, enabling local privilege escalation with high impact (CVE-2024-49039). There ar...

8.8CVSS8.6AI score0.13719EPSS
In wild
CVE
CVE
added 2023/10/10 5:7 p.m.441 views

CVE-2023-36577

CVE-2023-36577 concerns the Microsoft WDAC OLE DB provider for SQL Server. Public descriptions indicate a remote code execution vulnerability in this WDAC OLE DB provider, enabling an attacker to execute arbitrary code on a vulnerable system. The CVE is characterized with a Network attack vector,...

8.8CVSS9.5AI score0.01738EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.436 views

CVE-2024-21340

Technical details for CVE-2024-21340 are not provided in the supplied documents. Monitor for updates.

4.6CVSS5.3AI score0.00752EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.431 views

CVE-2023-38159

Technical details for CVE-2023-38159 are not provided in the connected documents. Public details (affected software, impact, and mitigations) should be consulted from the NVD/Microsoft advisory.

7CVSS8.1AI score0.05594EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.420 views

CVE-2023-36722

Technical details (affected product/versions, root cause, exploitability, or fix) for CVE-2023-36722 are not provided in the supplied connected documents; monitor for updates.

4.4CVSS6.5AI score0.01238EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.417 views

CVE-2023-36567

Technical details for CVE-2023-36567 are not publicly provided in the supplied documents. Monitor for updates from official advisories; current entries mention Windows Deployment Services information disclosure but lack specifics on affected components or fixes.

7.5CVSS8.2AI score0.02008EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.417 views

CVE-2023-36702

CVE-2023-36702 affects Microsoft DirectMusic. Based on the CVSS 3.1 vector, the vulnerability is a LOCAL, low-complexity exploit that requires user interaction and yields HIGH impact to confidentiality, integrity, and availability. The provided documents identify the affected component only as Di...

7.8CVSS8.8AI score0.00955EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.416 views

CVE-2023-36436

CVE-2023-36436 is a Windows MSHTML Platform Remote Code Execution vulnerability. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 7.8 (HIGH) with a LOCAL attack vector, requiring user interaction and granting high impact on confidentiality, integrity, and availabil...

7.8CVSS8.8AI score0.01018EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.416 views

CVE-2023-36711

Technical details about CVE-2023-36711 are not publicly provided in the supplied documents. Monitor for official advisories for affected products, impact, and fixes.

7.8CVSS8.6AI score0.00658EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.413 views

CVE-2023-36576

CVE-2023-36576 is a Windows kernel registry/containerization vulnerability in VRegDriver that enabled a container escape via registry virtualization (VrpRegistryCallback) when using differencing/hive layering. The issue related to VrpBuildKeyPath and other path-resolution logic allowed an untrust...

5.5CVSS5.9AI score0.01025EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.410 views

CVE-2023-36574

CVE-2023-36574 affects Microsoft Message Queuing (MSMQ) with a local, user-interaction–dependent remote code execution vulnerability (CVSS v3.1: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; base 7.3). Exploitation status and remediation details are not provided in the supplied connected documents.

7.3CVSS8.4AI score0.00967EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.410 views

CVE-2023-41767

Technical details about CVE-2023-41767 are not publicly provided in the supplied documents. No concrete affected products, root cause, or remediation are specified. Monitor for updates from official sources.

8.1CVSS9AI score0.01256EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.410 views

CVE-2025-33073

CVE-2025-33073 is a network-accessible elevation of privilege in the Windows SMB Client caused by improper access control in the SMB protocol stack. The initial description confirms privilege escalation with network access. Connected documents provide concrete exploit presence: PoCs and proof‑of‑...

8.8CVSS8.7AI score0.64987EPSS
In wild
CVE
CVE
added 2023/10/10 5:7 p.m.409 views

CVE-2023-36596

CVE-2023-36596 is described as a Remote Procedure Call Information Disclosure Vulnerability with CVSS v3.1 base score 7.5 (HIGH). It is labeled as network-based with low attack complexity and no privileges or user interaction required, and it has a high confidentiality impact. The provided docume...

7.5CVSS8.3AI score0.02038EPSS
CVE
CVE
added 2024/01/09 5:56 p.m.409 views

CVE-2024-20666

CVE-2024-20666 is a BitLocker security feature bypass related to the Windows Recovery Environment (WinRE). The connected MSRC/updates data confirm a BitLocker bypass vulnerability and note a Microsoft security update to mitigate it (KBs associated with January 2024 security updates, including Win...

6.6CVSS6.8AI score0.03104EPSS
In wild
CVE
CVE
added 2024/07/09 5:2 p.m.408 views

CVE-2024-38112

CVE-2024-38112 Windows MSHTML Platform Spoofing is a Windows/MSHTML vulnerability exploited in the wild by the Void Banshee group. The issue involves spoofing UI within the MSHTML/IE rendering path, enabling code execution when a user opens a crafted .url payload that references an embedded MHTML...

7.5CVSS8.8AI score0.84345EPSS
In wild
Total number of security vulnerabilities1176