Lucene search
+L
MicrosoftWindows 10

2974 matches found

CVE
CVE
added 2018/12/12 12:0 a.m.324 views

CVE-2018-8641

CVE-2018-8641 is a Windows Win32k kernel-mode privilege-escalation vulnerability. The Win32k component fails to properly handle objects in memory, enabling local privilege escalation. Affected products include multiple Windows versions (Windows 7, Windows 8.1, Windows 10 and corresponding Server ...

7.8CVSS8.5AI score0.01116EPSS
In wild
CVE
CVE
added 2022/09/13 6:41 p.m.323 views

CVE-2022-30170

Technical details about CVE-2022-30170 are not provided in the supplied documents. The connected sources reference related Credential Roaming issues and general Windows security updates, but no specific vulnerability details, affected products, or fixes are disclosed here. Monitor for updates.

7.3CVSS8.3AI score0.01512EPSS
In wild
CVE
CVE
added 2020/07/29 5:45 p.m.322 views

CVE-2020-15705

GRUB2 ≤ 2.04 fails to validate kernel signatures when booting directly without shim, allowing Secure Boot bypass if the kernel signing certificate is in the Secure Boot DB. The issue affects GRUB2 2.04 and earlier; upgrades to patched grub2/shim combinations are advised (e.g., 2.06+ and related s...

6.4CVSS7.1AI score0.01434EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.317 views

CVE-2019-1182

CVE-2019-1182 is a remote code execution vulnerability in Microsoft Windows Remote Desktop Services (RDS) caused by a heap overflow in the server’s dynamic channel handling when processing RDP requests. The flaw is pre-authentication and exploitable by an unauthenticated attacker who connects to ...

10CVSS9.2AI score0.12934EPSS
In wild
CVE
CVE
added 2022/07/12 10:37 p.m.315 views

CVE-2022-22049

CVE-2022-22049 is a Windows CSRSS (Client Server Run-time Subsystem) Elevation of Privilege vulnerability. The entry lists a CVSS v2 base score of 7.2 (HIGH) and CVSS v3.1 base score of 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, and privileges required as LOW; no user interactio...

7.8CVSS8.2AI score0.01055EPSS
In wild
CVE
CVE
added 2019/07/15 6:56 p.m.314 views

CVE-2019-1006

CVE-2019-1006 corresponds to an authentication bypass vulnerability in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF) that allows signing SAML tokens with arbitrary symmetric keys. The connected Nessus entries reiterate this issue as part of Microsoft SharePoint serv...

7.5CVSS7.8AI score0.06024EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.313 views

CVE-2022-21972

CVE-2022-21972 is a Windows PPTP VPN component remote code execution vulnerability caused by use-after-free handling of PPTP packets. The connected advisory states a remote code execution vulnerability exists in Windows VPN due to improper PPTP packet handling, i.e., PPTP protocol use after free....

9.3CVSS9AI score0.80933EPSS
CVE
CVE
added 2022/03/09 5:8 p.m.311 views

CVE-2022-24505

CVE-2022-24505 is a Windows ALPC Elevation of Privilege vulnerability. The connected sources confirm a local privilege escalation in the Windows ALPC mechanism, enabling an attacker with local access to obtain high/ SYSTEM-like privileges. The NVD/CVSS data show a CVSS 3.1 base score of 7.0 (HIGH...

7CVSS7.6AI score0.00345EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.307 views

CVE-2022-24500

CVE-2022-24500 is a Windows SMB Remote Code Execution vulnerability. Connected exploit posts provide concrete steps and code to launch a Windows SMB-based RCE, requiring the target to interact with a malicious server/share over SMB (port 445). The GitHub exploits illustrate an end-to-end chain (d...

8.8CVSS9.4AI score0.38049EPSS
CVE
CVE
added 2019/04/09 8:15 p.m.306 views

CVE-2019-0685

CVE-2019-0685 is a Windows Win32k Elevation of Privilege vulnerability. The Win32k component fails to properly handle objects in memory, enabling a local attacker to escalate to kernel mode and execute code with high impact. Documented alongside related CVEs (CVE-2019-0803, CVE-2019-0859) and ref...

7.8CVSS8.2AI score0.01649EPSS
In wild
CVE
CVE
added 2023/01/10 12:0 a.m.306 views

CVE-2023-21746

CVE-2023-21746 is a Windows NTLM elevation of privilege vulnerability. A GitHub exploit module for LocalPotato CVE-2023-21746 suggests a Windows-based target, with hints of buffer overflow/memory corruption as the likely root cause and that the exploit may be invoked via an exploit.py script in a...

7.8CVSS7.7AI score0.02537EPSS
CVE
CVE
added 2018/08/15 5:0 p.m.305 views

CVE-2018-0952

CVE-2018-0952 is a local Elevation of Privilege vulnerability in Diagnostics Hub Standard Collector (used by Windows Diagnostics Hub and Visual Studio components). The root cause, as documented, is the ability to create arbitrary files due to lack of proper client impersonation in DiagnosticsHub....

7.8CVSS7.9AI score0.06232EPSS
In wild
CVE
CVE
added 2018/05/09 7:0 p.m.300 views

CVE-2018-8124

CVE-2018-8124 is a Win32k privilege-escalation vulnerability in Windows where the Win32k component fails to properly handle objects in memory. Affected: Windows 7, Windows Server 2008/2008 R2, Windows 8.1, Windows 10 and corresponding Server editions listed in the description; root cause is impro...

7CVSS7.4AI score0.01248EPSS
In wild
CVE
CVE
added 2021/09/15 11:23 a.m.299 views

CVE-2021-38633

CVE-2021-38633 affects Windows CLFS driver (Common Log File System). Connected sources provide concrete technical detail: the vulnerability is a local privilege escalation in clfs.sys, related to CLFS container/file creation paths and privilege checks (e.g., CClfsBaseFilePersisted::CreateContaine...

7.8CVSS8AI score0.00887EPSS
In wild
CVE
CVE
added 2021/08/12 6:11 p.m.298 views

CVE-2021-26424

The CVE-2021-26424 issue is a Windows TCP/IP remote code execution vulnerability. According to the NCSC advisory, it can be remotely triggered by a malicious IPv6 ping from a Hyper‑V guest to the Hyper‑V host, with exploitation achieved by sending a specially crafted TCP/IP packet to the host usi...

9.9CVSS8.8AI score0.58898EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.296 views

CVE-2020-1013

Technical details specific to CVE-2020-1013 are not provided in the supplied documents. The connected KB articles reference other updates and vulnerabilities but do not reveal CVE-2020-1013 specifics. Monitor for updates.

9.3CVSS7.5AI score0.06405EPSS
CVE
CVE
added 2020/05/21 10:52 p.m.295 views

CVE-2020-1048

CVE-2020-1048 is a Windows Print Spooler elevation of privilege vulnerability. It arises from improper handling that allows arbitrary writing to the file system, enabling local privilege escalation. Public exploits/public PoCs exist (notably PrintDemon) and have been discussed alongside patch cir...

7.8CVSS7.7AI score0.16502EPSS
In wild
CVE
CVE
added 2021/09/15 11:23 a.m.295 views

CVE-2021-36963

Technical details about CVE-2021-36963 are not provided in the supplied documents. Public disclosures among the connected items do not specify affected products, root cause, impact, or fixes beyond the general vendor advisory; monitor for official updates.

7.8CVSS8AI score0.00977EPSS
In wild
CVE
CVE
added 2022/04/15 7:3 p.m.293 views

CVE-2022-24491

CVE-2022-24491 is a Remote Code Execution flaw in Windows Network File System (NFS) that is exploitable only on systems with the NFS role enabled. Affected component is the Windows NFS protocol handling; the root cause is remote code execution via specially crafted NFS network messages. Public pa...

9.8CVSS9.6AI score0.33474EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.293 views

CVE-2022-24528

CVE-2022-24528 is a Remote Code Execution vulnerability in Windows RPC Runtime. It is a network-exposed issue affecting the Windows RPC runtime, with a high-severity impact (C/H/I/A: high) per CVSS v3.1 (8.8) and a medium base score (6.8) in CVSS v2. The CVSS v3.1 vector indicates network access,...

8.8CVSS9.4AI score0.02435EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.293 views

CVE-2022-26931

CVE-2022-26931 is a Windows Kerberos elevation-of-privilege issue tied to certificate-to-account mapping changes in Active Directory. Microsoft KBs and Citrix documents describe remediation via certificate-mapping updates (e.g., KB5014754 and related out‑of‑band mitigations) to address how certif...

7.5CVSS8.5AI score0.02434EPSS
In wild
CVE
CVE
added 2018/05/09 7:0 p.m.292 views

CVE-2018-8166

The CVE-2018-8166 entry is supported by connected documents describing a Win32k privilege-escalation vulnerability in Windows where the Win32k component mishandles objects in memory, allowing local kernel-mode code execution if exploited. Affected products span multiple Windows versions (e.g., Wi...

7CVSS7.4AI score0.01265EPSS
In wild
CVE
CVE
added 2019/06/12 1:49 p.m.292 views

CVE-2019-1040

CVE-2019-1040 describes a tampering vulnerability in Microsoft Windows NTLM MIC protection where a MITM attacker can alter NTLM flags in the NTLM exchange without invalidating the signature. The root cause is improper validation/tampering of MIC in NTLM AUTHENTICATE messages, enabling an attacker...

5.9CVSS6.7AI score0.48043EPSS
In wild
CVE
CVE
added 2020/08/17 7:12 p.m.292 views

CVE-2020-1337

CVE-2020-1337 is a local privilege-escalation vulnerability in the Windows Print Spooler. It results from a bypass of the CVE-2020-1048 patch via a Junction Directory, allowing an unprivileged user to achieve elevation by abusing how the spooler writes to the file system. The risk is local (no ne...

7.8CVSS8.2AI score0.14179EPSS
In wild
CVE
CVE
added 2019/04/09 8:15 p.m.288 views

CVE-2019-0796

Technical details for CVE-2019-0796 are not publicly provided in the supplied documents; no affected product/version or exploit specifics are confirmed here. Monitor for updates.

5.5CVSS6.7AI score0.0424EPSS
In wild
CVE
CVE
added 2020/01/14 11:11 p.m.288 views

CVE-2020-0611

CVE-2020-0611 is a remote code execution vulnerability in the Windows Remote Desktop Client. Connected documents confirm the flaw affects the RDP client when a user connects to a malicious server, enabling arbitrary code execution on the client. The Microsoft blogs and advisories describe pre-aut...

7.5CVSS8.8AI score0.0808EPSS
CVE
CVE
added 2022/03/09 5:6 p.m.288 views

CVE-2022-21977

Technical details about CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability) are not provided in the supplied documents. No concrete affected products, versions, or remediation are stated here; monitor official sources for updates and disclosures.

4.3CVSS5.7AI score0.02352EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.287 views

CVE-2020-1599

CVE-2020-1599 is referenced in connected material (notably Microsoft ZLoader defense-evasion coverage) as a vulnerability used to aid attacker techniques (e.g., signing/validating files to mask malice). The documents do not provide concrete technical details on the root cause, affected products/v...

5.5CVSS7.2AI score0.19124EPSS
In wild
CVE
CVE
added 2020/06/09 7:44 p.m.286 views

CVE-2020-1307

Technical details for CVE-2020-1307 are not publicly provided in the supplied documents. Monitor for updates from official sources for affected products, impact, and remediation if available.

9.3CVSS7.7AI score0.03763EPSS
In wild
CVE
CVE
added 2022/04/15 7:4 p.m.286 views

CVE-2022-24547

CVE-2022-24547 matches the Windows Digital Media Receiver Elevation of Privilege vulnerability. Connected CNVD-2022-65611 describes an elevation of privilege in Microsoft Windows Digital Media Receiver caused by an incorrect programmatic call to an advanced local procedure. The CVE entry lists th...

7.8CVSS8.6AI score0.06207EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.285 views

CVE-2018-8164

CVE-2018-8164 is a Win32k privilege-escalation vulnerability in Windows where the Win32k component fails to properly handle objects in memory. Affected are multiple Windows releases (server and client SKUs listed in the CVE entry). The connected documents corroborate a kernel-mode elevation of pr...

7.8CVSS7.4AI score0.01541EPSS
In wild
CVE
CVE
added 2020/01/14 11:11 p.m.285 views

CVE-2020-0624

CVE-2020-0624 is a Win32k Elevation of Privilege vulnerability in Windows where the Win32k component fails to properly handle objects in memory. The NVD entry notes an affected Windows environment with local attacker access and a high-severity CVSS 3.1 score (7.8) indicating local, low-privilege,...

7.8CVSS7.7AI score0.01926EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.285 views

CVE-2021-31167

CVE-2021-31167 is a Windows vulnerability in the Container Manager Service that enables Elevation of Privilege. It is a local, low-attack-complexity issue with high impact (confidentiality/ integrity/ availability), allowing an attacker with low privileges to escalate. Public exploits are noted f...

7.8CVSS7.6AI score0.01013EPSS
In wild
CVE
CVE
added 2022/04/15 7:4 p.m.282 views

CVE-2022-24545

Technical details about CVE-2022-24545 (affected product/versions/root cause/exploitability) are not provided in the supplied connected documents. Monitor for updates from official advisories for concrete information and remediation guidance.

8.1CVSS9AI score0.02134EPSS
CVE
CVE
added 2019/04/09 8:15 p.m.280 views

CVE-2019-0730

CVE-2019-0730 is a Windows local privilege escalation affecting the LUAFV driver (luafv.sys). The vulnerability arises from how LUAFV handles certain calls, enabling an attacker to obtain elevated privileges. Public exploitation exists per CIRCL/CVE-2019-0730 sightings, including Exploit-DB entry...

7.8CVSS6.7AI score0.04352EPSS
In wild
CVE
CVE
added 2019/08/14 8:55 p.m.280 views

CVE-2019-1226

CVE-2019-1226 is a pre-auth remote code execution vulnerability in Windows Remote Desktop Services (RDP Server). An unauthenticated attacker can send specially crafted RDP requests to a target and execute arbitrary code, potentially installing programs, modifying data, or creating user accounts w...

10CVSS9.2AI score0.07586EPSS
CVE
CVE
added 2019/04/09 2:27 a.m.279 views

CVE-2019-0821

CVE-2019-0821, CVE-2019-0703 and CVE-2019-0704 describe an information disclosure vulnerability in the Windows SMB Server related to how it handles certain requests. The connected documents consistently identify the SMB Server information-disclosure flaw as the core issue across these CVEs, affec...

6.5CVSS6.8AI score0.06219EPSS
In wild
CVE
CVE
added 2021/01/12 7:42 p.m.277 views

CVE-2021-1678

CVE-2021-1678 affects the Windows Print Spooler service and is described in Connected documents as an arbitrary code execution vulnerability. The available connected document provides a PoC exploit (Exploit for CVE-2021-1678) hosted on Gitee, contained in a Docker container with a Python script s...

8.8CVSS8AI score0.0938EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.277 views

CVE-2021-43217

CVE-2021-43217 is a Windows Encrypting File System (EFS) remote code execution vulnerability. The connected exploit document documents a practical demonstration of an EFS bypass on Windows 10 and shows use of Kali Linux, Metasploit and reverse TCP payloads, indicating an attacker could achieve co...

9.8CVSS9.1AI score0.06419EPSS
In wild
CVE
CVE
added 2022/04/15 7:3 p.m.277 views

CVE-2022-24497

CVE-2022-24497 is a Windows Network File System (NFS) Remote Code Execution vulnerability. Exploitation can occur remotely over the network if NFS is enabled; Microsoft rated it Critical (CVSS v3.1 9.8) with wormable characteristics discussed in Patch Tuesday coverage. There is a public exploit/t...

9.8CVSS9.6AI score0.34552EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.275 views

CVE-2021-28476

CVE-2021-28476 is a Hyper-V vmswitch.sys vulnerability enabling guest-to-host access via an out-of-bounds read in VmsIfrInfoParams_OID_SWITCH_NIC_REQUEST when processing OID_SWITCH_NIC_REQUEST. Public PoC/exploit code exists (e.g., 0vercl0k and LaCeeKa repos) and prior reports describe guest-trig...

9.9CVSS9.7AI score0.38625EPSS
CVE
CVE
added 2022/03/09 5:6 p.m.275 views

CVE-2022-21967

Technical details about CVE-2022-21967 are not publicly provided in the supplied documents. Monitor for updates from official sources for affected products, impact, and remediation information.

7CVSS7.7AI score0.00658EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.274 views

CVE-2022-23293

Technical details for CVE-2022-23293 are not publicly available in the provided Connected documents. Monitor for updates.

7.8CVSS8.1AI score0.00645EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.273 views

CVE-2022-23284

Technical details for CVE-2022-23284 (affected product, root cause, impact, and fix) are not publicly available in the provided Connected documents. Monitor for updates from official sources.

9CVSS7.7AI score0.03062EPSS
CVE
CVE
added 2019/04/09 8:15 p.m.272 views

CVE-2019-0805

Technical details for CVE-2019-0805 are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6.7AI score0.02785EPSS
In wild
CVE
CVE
added 2019/03/06 12:0 a.m.271 views

CVE-2019-0633

CVE-2019-0633 describes a remote code-execution vulnerability in the Microsoft Windows SMBv2 server. The SMBv2 service can be triggered by handling certain requests, enabling an attacker to execute arbitrary code on the target system. The CVE is distinct from CVE-2019-0630. Severity is high (NVD ...

9CVSS9.3AI score0.13039EPSS
CVE
CVE
added 2019/04/09 8:15 p.m.271 views

CVE-2019-0731

Technical details (affected product/version, root cause, impact, or fix) are not provided in the connected documents. Monitor for updates from CIRCL/CIRSA sources and exploit-db references for CVE-2019-0731.

7.8CVSS6.7AI score0.04352EPSS
In wild
CVE
CVE
added 2021/08/12 6:12 p.m.271 views

CVE-2021-34487

Technical details for CVE-2021-34487 are not publicly available in the provided connected documents. Monitor for updates from Microsoft and CVE records; no concrete affected products, root cause, or fixes are described here.

7.8CVSS7.6AI score0.0052EPSS
In wild
CVE
CVE
added 2019/04/08 11:40 p.m.270 views

CVE-2019-0704

CVE-2019-0703 is an information-disclosure vulnerability in Windows SMB Server handling of certain requests. Connected sources confirm the issue as a Windows SMB Information Disclosure vulnerability distinct from CVE-2019-0704 and CVE-2019-0821. FireEye Mandiant Threat Intelligence notes that CVE...

6.5CVSS6.8AI score0.05583EPSS
In wild
CVE
CVE
added 2021/08/12 6:11 p.m.270 views

CVE-2021-26432

CVE-2021-26432 is a remote code execution vulnerability in the Windows Services for NFS ONCRPC XDR Driver. The issue allows an attacker to execute arbitrary code on a vulnerable system via the ONCRPC XDR Driver component, with high impact (C/H/I/A = HIGH) and network access (CVSS scores reflect r...

9.8CVSS8.8AI score0.10326EPSS
Total number of security vulnerabilities2974