Lucene search
K

327 matches found

CVE
CVE
added 2026/06/09 5:6 p.m.472 views

CVE-2026-44815

CVE-2026-44815 is a stack-based buffer overflow in the Windows DHCP Client that enables remote code execution over the network. Affected component: Windows DHCP Client; root cause is a stack-based overflow. Consequences are remote code execution with high impact, as indicated by the CVSS vector (...

9.8CVSS6AI score0.011EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.342 views

CVE-2026-45657

CVE-2026-45657 is a use-after-free in the Windows Kernel that enables a remote attacker to execute code over a network without user interaction. The formal CVSSv3.1 base score is 9.8 (CRITICAL), with network attack vector, low attack complexity, no privileges required, and high impact to confiden...

9.8CVSS5.7AI score0.15478EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.277 views

CVE-2026-47291

The CVE-2026-47291 entry describes an integer overflow/ wraparound in Windows HTTP.sys that enables a remote attacker to execute code over the network. Affected software component: Windows HTTP.sys. Root cause: integer overflow/wraparound in the HTTP.sys processing path. Impact: unauthenticated n...

9.8CVSS5.7AI score0.21506EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.269 views

CVE-2026-33824

CVE-2026-33824 is a Windows IKE Extension (ikeext) remote code execution vulnerability caused by a double-free in IKEEXT. ZDI notes it is wormable and affects systems with IKE enabled; exploitation can occur over UDP/500-4500 and may enable lateral movement from inside networks. Microsoft has iss...

9.8CVSS5.9AI score0.5585EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.237 views

CVE-2026-42904

CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...

9.6CVSS5.8AI score0.00438EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.177 views

CVE-2026-45602

Technical details (affected product versions, root cause, exploit specifics, and remediation) are not publicly available in the provided documents. Monitor for updates from NVD and CVE List for CVE-2026-45602.

9.1CVSS5.4AI score0.00366EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.174 views

CVE-2026-42992

CVE-2026-42992 describes a heap-based buffer overflow in the Remote Desktop Client that could allow an unauthenticated attacker to execute code over the network. The vulnerability affects the Remote Desktop Client as described across multiple sources (NVD, CVE listings, and Microsoft’s advisory)....

7.5CVSS6AI score0.00461EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.171 views

CVE-2026-45586

Technical details (affected product/component, root cause, impact, versions, or exploit information) are not publicly available in the provided documents. Monitor for updates.

7.8CVSS5.4AI score0.03028EPSS
CVE
CVE
added 2026/05/19 11:30 p.m.165 views

CVE-2026-45585

CVE-2026-45585 concerns a Windows security feature bypass publicly referred to as “YellowKey.” The CVE entry notes a mitigation path provided by Microsoft to protect against the vulnerability until an update is released. The CVSSv3.1 metrics indicate a MEDIUM base score (6.8) with physical attack...

6.8CVSS5.9AI score0.01249EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.163 views

CVE-2026-48576

CVE-2026-48576 is a Windows Secure Boot vulnerability described as a protection mechanism failure enabling a local attacker with high privileges to bypass a security feature. The available documents specify a local attack vector with low complexity and no user interaction, and a base CVSS 3.1 sco...

7.9CVSS7.1AI score0.01028EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.160 views

CVE-2026-33829

CVE-2026-33829 concerns the Windows Snipping Tool and is assigned a CVSSv3.1 base score of 4.3 (Medium). The vulnerability is described with a network attack vector but requires user interaction and does not affect integrity or availability, with confidentiality impact listed as Low. The metric i...

4.3CVSS5.8AI score0.03447EPSS
Web
CVE
CVE
added 2026/05/12 4:59 p.m.132 views

CVE-2026-40369

CVE-2026-40369 is a Windows Kernel elevation of privilege vulnerability described as an untrusted pointer dereference that could allow an authorized, local attacker to elevate privileges. Connected documents confirm this is affecting Windows kernel components across Windows 11 (versions in 25H2/2...

7.8CVSS5.9AI score0.04725EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.125 views

CVE-2026-45597

The CVE-2026-45597 issue affects Windows UI Automation Manager (uiamanager.dll). A race condition arises from concurrent execution with improper synchronization on a shared resource, enabling a local, authorized attacker to elevate privileges. Documents confirm the vulnerability type and impact (...

7CVSS5.6AI score0.00186EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.118 views

CVE-2026-33828

CVE-2026-33828 affects Windows Device Health Attestation (DHA). The vulnerability is a trust boundary violation in Windows Attestation that allows an authorized local attacker to elevate privileges. CVSS v3.1 base metrics indicate high impact to confidentiality, integrity, and availability with l...

7.8CVSS5.4AI score0.0031EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.104 views

CVE-2026-45604

CVE-2026-45604 is an out-of-bounds read vulnerability in the Windows AppID (Windows Application Identity) Subsystem that can allow an authorized local attacker to disclose information. The affected component is described as the AppID Subsystem; the root cause is an out-of-bounds read leading to i...

5.5CVSS5.4AI score0.00341EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.103 views

CVE-2026-26128

CVE-2026-26128 concerns an elevation-of-privilege flaw in Windows SMB Server caused by improper authentication. The vulnerability affects Windows SMB Server and is described in connected sources as allowing an authorized local attacker to obtain higher privileges. Evidence from the connected docu...

7.8CVSS5.8AI score0.00447EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.103 views

CVE-2026-33841

CVE-2026-33841 is a heap-based buffer overflow in the Windows kernel that allows an authorized, local attacker to elevate privileges. Public docs consistently describe the vulnerability as a local privilege escalation in Windows Kernel. The CVE has accompanying CVSSv3.1 metrics indicating local a...

7.8CVSS6AI score0.0031EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.103 views

CVE-2026-44803

CVE-2026-44803 describes an integer overflow/wraparound in Windows Win32K - GRFX that can allow a local attacker to execute code. The vulnerability is identified across multiple sources (NVD, CVE listing, and MSRC update page) and is classified with a high impact: local code execution, requiring ...

7.8CVSS5.7AI score0.00437EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.95 views

CVE-2026-42978

CVE-2026-42978: A race condition due to improper synchronization in Windows Push Notifications leads to local privilege escalation for an authorized attacker. The CVSSv3.1 base score is 7.8 (LOCAL, HIGH impact on confidentiality, integrity, and availability) with HIGH attack complexity and LOW pr...

7.8CVSS5.6AI score0.00204EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.94 views

CVE-2026-42985

CVE-2026-42985 is described in connected sources as a heap-based buffer overflow in the Remote Desktop Client that allows an unauthenticated attacker to execute code over the network. The initial and connected docs provide the vulnerability description and a high CVSS score (8.8, HIGH) with netwo...

8.8CVSS7.3AI score0.00981EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.83 views

CVE-2026-40403

CVE-2026-40403 describes a heap-based buffer overflow in Windows Win32K GRFX that could allow a locally authenticated attacker to execute code. Affected component is Windows graphics subsystem (Win32K GRFX); cause is a heap-based overflow. Impact per available data is local code execution with hi...

8.8CVSS6.1AI score0.00427EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.81 views

CVE-2026-40404

CVE-2026-40404 concerns a Windows Universal Disk Format (UDFS) File System Driver Elevation of Privilege. The vulnerability affects the UDFS component, with a local attack vector, requiring low privileges and no user interaction, and yields high impact to confidentiality, integrity, and availabil...

7.8CVSS5.4AI score0.00339EPSS
CVE
CVE
added 2026/03/10 5:4 p.m.78 views

CVE-2026-23673

Technical details are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS5.8AI score0.00383EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.77 views

CVE-2026-49160

The CVE-2026-49160 entry concerns HTTP.sys with an HTTP/2 resource consumption flaw leading to unauthenticated denial of service over the network. Exploitation details, affected versions or specific component paths aren’t provided in the connected documents. The NVD/MSRC entries confirm an uncont...

7.5CVSS5.4AI score0.48438EPSS
CVE
CVE
added 2026/04/14 4:57 p.m.76 views

CVE-2026-26179

Technical details about CVE-2026-26179 are not provided in the available documents; no product/version specifics or exploit information are disclosed. Monitor for updates.

7.8CVSS5.7AI score0.0044EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.76 views

CVE-2026-33834

Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are included here. Monitor for updates from official CVE/NVD entries to obtain concrete exploit info, mitigations, and fixes.

7.8CVSS5.8AI score0.00272EPSS
CVE
CVE
added 2026/04/14 4:56 p.m.75 views

CVE-2026-26151

CVE-2026-26151 describes insufficient UI warnings in Windows Remote Desktop that can enable a network attacker to spoof a remote session. The NVD entry lists a CVSS v3.1 base score of 7.1 (HIGH) with network access, no privileges required, user interaction required, and impact to confidentiality ...

7.1CVSS5.8AI score0.0083EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.75 views

CVE-2026-35421

CVE-2026-35421 describes a heap-based buffer overflow in Windows GDI that permits a local attacker to execute arbitrary code. The entry lists a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, NO privileges required, user interaction required, and impacts to con...

7.8CVSS6.1AI score0.00532EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.73 views

CVE-2026-33838

Technical details about CVE-2026-33838 are not publicly available in the provided documents. Monitor for updates from vendors and advisories before assessing impact or remediation.

7.8CVSS7.1AI score0.00398EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.71 views

CVE-2026-34339

Technical details about CVE-2026-34339 (Windows LDAP denial of service) are not publicly available in the provided connected documents. Monitor for updates from Microsoft/NVD for affected products, vectors, and fixes.

5.5CVSS5.8AI score0.00292EPSS
CVE
CVE
added 2026/03/10 5:4 p.m.70 views

CVE-2026-25177

CVE-2026-25177 is an elevation-of-privilege vulnerability in Active Directory Domain Services. The CVE affects AD DS and permits an authorized attacker to elevate privileges over the network (CVSS v3.1: 8.8, Network, Privileges Required: Low, User Interaction: None, Confidentiality/Integrity/Avai...

8.8CVSS5.8AI score0.01241EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.70 views

CVE-2026-34342

CVE-2026-34342 describes a race condition in Windows Print Spooler Components enabling local privilege escalation for an authenticated attacker. The vulnerability arises from improper synchronization on a shared resource, leading to concurrent execution issues. Impact is local elevation of privil...

7CVSS5.9AI score0.0029EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.69 views

CVE-2026-33840

CVE-2026-33840 is a Windows Win32K use-after-free vulnerability in the ICOMP component that enables a locally authenticated attacker to elevate privileges. The root cause is a use-after-free in Win32K/ICOMP; impact is local privilege escalation with high severity per CVSS: AV:L/AC:L/PR:L/UI:N/S:U...

7.8CVSS5.4AI score0.02014EPSS
CVE
CVE
added 2026/04/14 4:57 p.m.68 views

CVE-2026-32073

CVE-2026-32073 refers to a Local Privilege Escalation in the Windows Ancillary Function Driver for WinSock. The advisory notes a local attack vector with high impact (C:H/I:H/A:H) and a low-privilege, no-user-interaction requirement, under CVSS 3.1: base score 7.0, attack vector Local, attack com...

7CVSS5.7AI score0.00351EPSS
CVE
CVE
added 2026/04/14 4:57 p.m.68 views

CVE-2026-32183

CVE-2026-32183 is a Windows Snipping Tool vulnerability that allows local execution of arbitrary code due to improper neutralization of special elements in a command (command injection). Affected component: Snipping Tool on Windows. Impact per sources: Executing (remote) code with high confidenti...

7.8CVSS5.9AI score0.00618EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.68 views

CVE-2026-33827

CVE-2026-33827 is a Windows TCP/IP race-condition vulnerability in the IPv6/IPSec processing path (tcpip.sys) that enables remote code execution. Exploitation described in connected docs requires sending crafted IPv6 packets (with IPSec) to Windows hosts with IPSec enabled; no authentication or u...

8.1CVSS6.1AI score0.00837EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.67 views

CVE-2026-40405

Technical details about CVE-2026-40405 are not publicly provided in the connected documents. The materials reiterate a Windows TCP/IP null pointer dereference causing potential denial of service. Monitor for updates from official sources for impact, affected products, and fixes.

7.5CVSS5.8AI score0.01078EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.67 views

CVE-2026-42970

CVE-2026-42970 involves Windows Push Notifications and is caused by the use of an uninitialized resource , enabling an authorized attacker to locally disclose information. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) yields a base score of 5.5 (Medium) with high confidentiality impac...

5.5CVSS6AI score0.00404EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.66 views

CVE-2026-47652

The CVE-2026-47652 entry concerns a Windows Hyper-V component vulnerability described as an out-of-bounds read that can yield local code execution by an unauthorized attacker. Public sources indicate the flaw affects Windows Hyper-V, with an attack vector that is Local and requires High privilege...

8.2CVSS7.5AI score0.00341EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.65 views

CVE-2026-40415

Technical details (affected product, component, root cause, impact, remediation) are not publicly available in the provided documents. Monitor for updates from official advisories.

8.1CVSS6AI score0.00789EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.64 views

CVE-2026-33835

Technical details about CVE-2026-33835 are not publicly provided in the connected documents. The initial description notes a use-after-free in Windows Cloud Files Mini Filter Driver with local privilege elevation, but no vendor/product/version specifics or fix details are included here. Monitor f...

7.8CVSS5.8AI score0.02117EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.64 views

CVE-2026-50507

CVE-2026-50507 concerns a Protection mechanism failure in Windows BitLocker that allows an unauthorized attacker to bypass a security feature via a physical attack . The connected documents corroborate a vulnerability affecting Windows BitLocker, with a CVSS v3.1 base score of 6.8 (Medium). The a...

6.8CVSS7.3AI score0.05011EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.62 views

CVE-2026-33104

CVE-2026-33104 is a Windows Win32K - GRFX race condition vulnerability rated CVSS v3.1 7.0 (High) with local privilege escalation impact. The connected sources label this as a Win32K-GRFX issue enabling “Obtain increased privileges” and reference Microsoft Windows updates guidance, but the provid...

7CVSS5.9AI score0.00207EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.62 views

CVE-2026-34337

CVE-2026-34337 describes a local privilege escalation via a use-after-free in the Windows Cloud Files Mini Filter Driver. An authorized attacker could elevate privileges locally (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base 7.8). The connected documents confirm the vulnerability descripti...

7.8CVSS5.8AI score0.00163EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.61 views

CVE-2026-42825

CVE-2026-42825 describes a use-after-free in Windows Telephony Service that allows an authorized attacker to elevate privileges locally. The description clearly states local privilege escalation as the impact, but the connected documents do not provide specifics on affected product versions, root...

7CVSS5.8AI score0.00226EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.61 views

CVE-2026-42989

Winlogon Elevation of Privilege (CVE-2026-42989) is caused by improper link resolution before file access ("link following"). This vulnerability allows an authorized, local attacker to gain higher privileges. Affected: Winlogon component on Windows; impact is local privilege escalation with a CVS...

7.8CVSS5.4AI score0.02282EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.60 views

CVE-2026-21530

CVE-2026-21530 : A double-free vulnerability in Windows Rich Text Edit is described as enabling an authorized attacker to perform local privilege escalation. The connected documents confirm the affected component and the local-privilege-elevation impact but do not provide exploit details, specifi...

6.7CVSS5.8AI score0.00319EPSS
CVE
CVE
added 2026/03/10 5:4 p.m.60 views

CVE-2026-25187

CVE-2026-25187 is a Winlogon elevation-of-privilege vulnerability described as improper link resolution before file access (link following). It is a local vulnerability in Windows Winlogon that could allow an authorized attacker to elevate privileges to SYSTEM with no user interaction required. T...

7.8CVSS5.8AI score0.03178EPSS
In wildWeb
CVE
CVE
added 2026/03/10 5:4 p.m.59 views

CVE-2026-23669

CVE-2026-23669 is a Windows Print Spooler remote code execution vulnerability with CVSS 3.1 base score 8.8 (Network, Low attack complexity, Low privileges required, No user interaction). It impacts confidentiality, integrity, and availability (all HIGH). Exploit code maturity is UNPROVEN. The Mic...

8.8CVSS6AI score0.00912EPSS
CVE
CVE
added 2026/04/14 4:57 p.m.59 views

CVE-2026-32157

CVE-2026-32157 affects the Remote Desktop Client and enables remote code execution over the network. The CVSSv3.1 score is 8.8 (HIGH), with confidentiality, integrity, and availability all rated High. Attack requires network access and user interaction, with privilegesN/A and exploitation current...

8.8CVSS6AI score0.00778EPSS
Total number of security vulnerabilities327