327 matches found
CVE-2026-44815
CVE-2026-44815 is a stack-based buffer overflow in the Windows DHCP Client that enables remote code execution over the network. Affected component: Windows DHCP Client; root cause is a stack-based overflow. Consequences are remote code execution with high impact, as indicated by the CVSS vector (...
CVE-2026-45657
CVE-2026-45657 is a use-after-free in the Windows Kernel that enables a remote attacker to execute code over a network without user interaction. The formal CVSSv3.1 base score is 9.8 (CRITICAL), with network attack vector, low attack complexity, no privileges required, and high impact to confiden...
CVE-2026-47291
The CVE-2026-47291 entry describes an integer overflow/ wraparound in Windows HTTP.sys that enables a remote attacker to execute code over the network. Affected software component: Windows HTTP.sys. Root cause: integer overflow/wraparound in the HTTP.sys processing path. Impact: unauthenticated n...
CVE-2026-33824
CVE-2026-33824 is a Windows IKE Extension (ikeext) remote code execution vulnerability caused by a double-free in IKEEXT. ZDI notes it is wormable and affects systems with IKE enabled; exploitation can occur over UDP/500-4500 and may enable lateral movement from inside networks. Microsoft has iss...
CVE-2026-42904
CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...
CVE-2026-45602
Technical details (affected product versions, root cause, exploit specifics, and remediation) are not publicly available in the provided documents. Monitor for updates from NVD and CVE List for CVE-2026-45602.
CVE-2026-42992
CVE-2026-42992 describes a heap-based buffer overflow in the Remote Desktop Client that could allow an unauthenticated attacker to execute code over the network. The vulnerability affects the Remote Desktop Client as described across multiple sources (NVD, CVE listings, and Microsoft’s advisory)....
CVE-2026-45586
Technical details (affected product/component, root cause, impact, versions, or exploit information) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-45585
CVE-2026-45585 concerns a Windows security feature bypass publicly referred to as “YellowKey.” The CVE entry notes a mitigation path provided by Microsoft to protect against the vulnerability until an update is released. The CVSSv3.1 metrics indicate a MEDIUM base score (6.8) with physical attack...
CVE-2026-48576
CVE-2026-48576 is a Windows Secure Boot vulnerability described as a protection mechanism failure enabling a local attacker with high privileges to bypass a security feature. The available documents specify a local attack vector with low complexity and no user interaction, and a base CVSS 3.1 sco...
CVE-2026-33829
CVE-2026-33829 concerns the Windows Snipping Tool and is assigned a CVSSv3.1 base score of 4.3 (Medium). The vulnerability is described with a network attack vector but requires user interaction and does not affect integrity or availability, with confidentiality impact listed as Low. The metric i...
CVE-2026-40369
CVE-2026-40369 is a Windows Kernel elevation of privilege vulnerability described as an untrusted pointer dereference that could allow an authorized, local attacker to elevate privileges. Connected documents confirm this is affecting Windows kernel components across Windows 11 (versions in 25H2/2...
CVE-2026-45597
The CVE-2026-45597 issue affects Windows UI Automation Manager (uiamanager.dll). A race condition arises from concurrent execution with improper synchronization on a shared resource, enabling a local, authorized attacker to elevate privileges. Documents confirm the vulnerability type and impact (...
CVE-2026-33828
CVE-2026-33828 affects Windows Device Health Attestation (DHA). The vulnerability is a trust boundary violation in Windows Attestation that allows an authorized local attacker to elevate privileges. CVSS v3.1 base metrics indicate high impact to confidentiality, integrity, and availability with l...
CVE-2026-45604
CVE-2026-45604 is an out-of-bounds read vulnerability in the Windows AppID (Windows Application Identity) Subsystem that can allow an authorized local attacker to disclose information. The affected component is described as the AppID Subsystem; the root cause is an out-of-bounds read leading to i...
CVE-2026-26128
CVE-2026-26128 concerns an elevation-of-privilege flaw in Windows SMB Server caused by improper authentication. The vulnerability affects Windows SMB Server and is described in connected sources as allowing an authorized local attacker to obtain higher privileges. Evidence from the connected docu...
CVE-2026-33841
CVE-2026-33841 is a heap-based buffer overflow in the Windows kernel that allows an authorized, local attacker to elevate privileges. Public docs consistently describe the vulnerability as a local privilege escalation in Windows Kernel. The CVE has accompanying CVSSv3.1 metrics indicating local a...
CVE-2026-44803
CVE-2026-44803 describes an integer overflow/wraparound in Windows Win32K - GRFX that can allow a local attacker to execute code. The vulnerability is identified across multiple sources (NVD, CVE listing, and MSRC update page) and is classified with a high impact: local code execution, requiring ...
CVE-2026-42978
CVE-2026-42978: A race condition due to improper synchronization in Windows Push Notifications leads to local privilege escalation for an authorized attacker. The CVSSv3.1 base score is 7.8 (LOCAL, HIGH impact on confidentiality, integrity, and availability) with HIGH attack complexity and LOW pr...
CVE-2026-42985
CVE-2026-42985 is described in connected sources as a heap-based buffer overflow in the Remote Desktop Client that allows an unauthenticated attacker to execute code over the network. The initial and connected docs provide the vulnerability description and a high CVSS score (8.8, HIGH) with netwo...
CVE-2026-40403
CVE-2026-40403 describes a heap-based buffer overflow in Windows Win32K GRFX that could allow a locally authenticated attacker to execute code. Affected component is Windows graphics subsystem (Win32K GRFX); cause is a heap-based overflow. Impact per available data is local code execution with hi...
CVE-2026-40404
CVE-2026-40404 concerns a Windows Universal Disk Format (UDFS) File System Driver Elevation of Privilege. The vulnerability affects the UDFS component, with a local attack vector, requiring low privileges and no user interaction, and yields high impact to confidentiality, integrity, and availabil...
CVE-2026-23673
Technical details are not publicly provided in the supplied documents. Monitor for updates.
CVE-2026-26179
Technical details about CVE-2026-26179 are not provided in the available documents; no product/version specifics or exploit information are disclosed. Monitor for updates.
CVE-2026-33834
Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are included here. Monitor for updates from official CVE/NVD entries to obtain concrete exploit info, mitigations, and fixes.
CVE-2026-49160
The CVE-2026-49160 entry concerns HTTP.sys with an HTTP/2 resource consumption flaw leading to unauthenticated denial of service over the network. Exploitation details, affected versions or specific component paths aren’t provided in the connected documents. The NVD/MSRC entries confirm an uncont...
CVE-2026-26151
CVE-2026-26151 describes insufficient UI warnings in Windows Remote Desktop that can enable a network attacker to spoof a remote session. The NVD entry lists a CVSS v3.1 base score of 7.1 (HIGH) with network access, no privileges required, user interaction required, and impact to confidentiality ...
CVE-2026-35421
CVE-2026-35421 describes a heap-based buffer overflow in Windows GDI that permits a local attacker to execute arbitrary code. The entry lists a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, NO privileges required, user interaction required, and impacts to con...
CVE-2026-33838
Technical details about CVE-2026-33838 are not publicly available in the provided documents. Monitor for updates from vendors and advisories before assessing impact or remediation.
CVE-2026-34339
Technical details about CVE-2026-34339 (Windows LDAP denial of service) are not publicly available in the provided connected documents. Monitor for updates from Microsoft/NVD for affected products, vectors, and fixes.
CVE-2026-25177
CVE-2026-25177 is an elevation-of-privilege vulnerability in Active Directory Domain Services. The CVE affects AD DS and permits an authorized attacker to elevate privileges over the network (CVSS v3.1: 8.8, Network, Privileges Required: Low, User Interaction: None, Confidentiality/Integrity/Avai...
CVE-2026-34342
CVE-2026-34342 describes a race condition in Windows Print Spooler Components enabling local privilege escalation for an authenticated attacker. The vulnerability arises from improper synchronization on a shared resource, leading to concurrent execution issues. Impact is local elevation of privil...
CVE-2026-33840
CVE-2026-33840 is a Windows Win32K use-after-free vulnerability in the ICOMP component that enables a locally authenticated attacker to elevate privileges. The root cause is a use-after-free in Win32K/ICOMP; impact is local privilege escalation with high severity per CVSS: AV:L/AC:L/PR:L/UI:N/S:U...
CVE-2026-32073
CVE-2026-32073 refers to a Local Privilege Escalation in the Windows Ancillary Function Driver for WinSock. The advisory notes a local attack vector with high impact (C:H/I:H/A:H) and a low-privilege, no-user-interaction requirement, under CVSS 3.1: base score 7.0, attack vector Local, attack com...
CVE-2026-32183
CVE-2026-32183 is a Windows Snipping Tool vulnerability that allows local execution of arbitrary code due to improper neutralization of special elements in a command (command injection). Affected component: Snipping Tool on Windows. Impact per sources: Executing (remote) code with high confidenti...
CVE-2026-33827
CVE-2026-33827 is a Windows TCP/IP race-condition vulnerability in the IPv6/IPSec processing path (tcpip.sys) that enables remote code execution. Exploitation described in connected docs requires sending crafted IPv6 packets (with IPSec) to Windows hosts with IPSec enabled; no authentication or u...
CVE-2026-40405
Technical details about CVE-2026-40405 are not publicly provided in the connected documents. The materials reiterate a Windows TCP/IP null pointer dereference causing potential denial of service. Monitor for updates from official sources for impact, affected products, and fixes.
CVE-2026-42970
CVE-2026-42970 involves Windows Push Notifications and is caused by the use of an uninitialized resource , enabling an authorized attacker to locally disclose information. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) yields a base score of 5.5 (Medium) with high confidentiality impac...
CVE-2026-47652
The CVE-2026-47652 entry concerns a Windows Hyper-V component vulnerability described as an out-of-bounds read that can yield local code execution by an unauthorized attacker. Public sources indicate the flaw affects Windows Hyper-V, with an attack vector that is Local and requires High privilege...
CVE-2026-40415
Technical details (affected product, component, root cause, impact, remediation) are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2026-33835
Technical details about CVE-2026-33835 are not publicly provided in the connected documents. The initial description notes a use-after-free in Windows Cloud Files Mini Filter Driver with local privilege elevation, but no vendor/product/version specifics or fix details are included here. Monitor f...
CVE-2026-50507
CVE-2026-50507 concerns a Protection mechanism failure in Windows BitLocker that allows an unauthorized attacker to bypass a security feature via a physical attack . The connected documents corroborate a vulnerability affecting Windows BitLocker, with a CVSS v3.1 base score of 6.8 (Medium). The a...
CVE-2026-33104
CVE-2026-33104 is a Windows Win32K - GRFX race condition vulnerability rated CVSS v3.1 7.0 (High) with local privilege escalation impact. The connected sources label this as a Win32K-GRFX issue enabling “Obtain increased privileges” and reference Microsoft Windows updates guidance, but the provid...
CVE-2026-34337
CVE-2026-34337 describes a local privilege escalation via a use-after-free in the Windows Cloud Files Mini Filter Driver. An authorized attacker could elevate privileges locally (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base 7.8). The connected documents confirm the vulnerability descripti...
CVE-2026-42989
Winlogon Elevation of Privilege (CVE-2026-42989) is caused by improper link resolution before file access ("link following"). This vulnerability allows an authorized, local attacker to gain higher privileges. Affected: Winlogon component on Windows; impact is local privilege escalation with a CVS...
CVE-2026-32157
CVE-2026-32157 affects the Remote Desktop Client and enables remote code execution over the network. The CVSSv3.1 score is 8.8 (HIGH), with confidentiality, integrity, and availability all rated High. Attack requires network access and user interaction, with privilegesN/A and exploitation current...
CVE-2026-42825
CVE-2026-42825 describes a use-after-free in Windows Telephony Service that allows an authorized attacker to elevate privileges locally. The description clearly states local privilege escalation as the impact, but the connected documents do not provide specifics on affected product versions, root...
CVE-2026-21530
CVE-2026-21530 : A double-free vulnerability in Windows Rich Text Edit is described as enabling an authorized attacker to perform local privilege escalation. The connected documents confirm the affected component and the local-privilege-elevation impact but do not provide exploit details, specifi...
CVE-2026-25187
CVE-2026-25187 is a Winlogon elevation-of-privilege vulnerability described as improper link resolution before file access (link following). It is a local vulnerability in Windows Winlogon that could allow an authorized attacker to elevate privileges to SYSTEM with no user interaction required. T...
CVE-2026-23669
CVE-2026-23669 is a Windows Print Spooler remote code execution vulnerability with CVSS 3.1 base score 8.8 (Network, Low attack complexity, Low privileges required, No user interaction). It impacts confidentiality, integrity, and availability (all HIGH). Exploit code maturity is UNPROVEN. The Mic...