1735 matches found
CVE-2024-30078
Technical details about CVE-2024-30078 are not publicly available in the provided documents. No specifics on affected driver, root cause, or remediation are present; monitor for updates from vendor/security advisories.
CVE-2021-34527
CVE-2021-34527, known as PrintNightmare, is a Windows Print Spooler remote code execution vulnerability. The flaw allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by abusing privileged file operations in the Print Spooler, enabling installation of programs, data a...
CVE-2022-30190
Technical details beyond the MSDT/Follina description are not provided in the connected documents. Public specifics (affected versions, exploit paths, patches) are not available here; monitor for updates.
CVE-2021-1675
CVE-2021-1675 is the Windows Print Spooler vulnerability known as “PrintNightmare.” Public documents describe a remote code execution path via the Print Spooler service, exploitable by an authenticated attacker through RPC/Printer driver operations (e.g., RpcAddPrinterDriverEx) to execute code wi...
CVE-2021-36942
CVE-2021-36942 corresponds to Windows LSA Spoofing vulnerability (LSARPC) that can coerce a domain controller to authenticate to an attacker host via NTLM. In August 2021 Microsoft Patch Tuesday released fixes (KB5005413) and mitigations; multiple sources note patching as a priority. CISA’s KEV c...
CVE-2021-42278
CVE-2021-42278 is an Active Directory Domain Services privilege-escalation vulnerability in Microsoft Windows. The connected documents describe exploits/frameworks (e.g., Pachine, sam-the-admin, noPac) that impersonate a Domain Administrator from a standard domain user using Kerberos delegation t...
CVE-2021-40444
CVE-2021-40444 is a Microsoft MSHTML remote-code-execution vulnerability exploited via specially crafted Word documents containing malicious ActiveX controls. Public details confirm an exploit chain: a Word doc opens, a relationship in document.xml.rels points to a malicious HTML, IE Preview load...
CVE-2022-24521
CVE-2022-24521 is a Windows Windows Common Log File System Driver Privilege Escalation vulnerability. The CVE entry reports an elevation-of-privilege flaw in the CLFS driver; CVSS scores shown include a 2.0/2.0 base (MEDIUM) on NVD and a 3.1-based HIGH score from Microsoft, both indicating local ...
CVE-2021-40449
CVE-2021-40449 is a Win32k use-after-free local privilege escalation in GreResetDCInternal. The vulnerability arises when a user‑mode callback hook on the driver’s PDEV path (DrvEnablePDEV) can trigger a subsequent ResetDC call, freeing the original device context and causing a kernel‑mode use‑af...
CVE-2023-36884
CVE-2023-36884 is a Windows/Office RCE via Windows Search (.search-ms) triggered by specially crafted OOXML documents; active exploitation was noted (Storm-0978 campaign) and Microsoft released a patch/Defense in Depth mitigations in August 2023 to break the exploitation chain. Public PoCs/exploi...
CVE-2022-21882
CVE-2022-21882 is a Windows Win32k local privilege-escalation vulnerability. It arises when an incomplete patch for CVE-2021-1732 leaves a bypass path that lets attackers trigger the vulnerability via a manipulated user-callback flow in Win32k, enabling a full compromise of the affected process. ...
CVE-2021-42287
CVE-2021-42287 is an Active Directory Domain Services privilege-escalation vulnerability. Connected documents corroborate it as part of a vulnerability family targeting domain controllers (CVE-2021-42278/42287) and describe exploitation via impersonation from a standard domain user to a DA, inclu...
CVE-2022-21971
CVE-2022-21971 is a Windows Runtime Remote Code Execution vulnerability. The CVE entry references a Windows Runtime flaw with high severity, and connected sources corroborate that patches exist (MSRC/update guides and CISA-kev). Malwarebytes’ 2022 article notes Microsoft patches for CVE-2022-2197...
CVE-2022-22718
CVE-2022-22718 is a Windows Print Spooler elevation of privilege vulnerability. Connected sources confirm an exploit exists (e.g., SpoolFool PoC) and that it has been tracked in exploit catalogs; Microsoft/MSRC guidance and CISA KEV catalog list it among known issues. Affected component: Windows ...
CVE-2022-21999
Technical details about CVE-2022-21999 are not publicly provided in the supplied connected documents. Based on the materials, we cannot specify affected software, root cause, or remediation. Monitor for updates from official advisories and vendor disclosures.
CVE-2022-26925
CVE-2022-26925 is a Windows Local Security Authority (LSA) spoofing vulnerability. The issue allows an unauthenticated attacker to coerce a domain controller to authenticate to the attacker using NTLM by calling a method on the LSARPC interface, enabling potential credential exposure in an NTLM-r...
CVE-2021-41379
CVE-2021-41379 is a Windows Installer Elevation of Privilege vulnerability affecting Windows Installer across Windows 10/11 and Windows Server. Public details in connected sources describe the issue as a Windows Installer privilege-escalation flaw, with references to InstallerFileTakeOver as the ...
CVE-2021-31956
CVE-2021-31956 is a Windows NTFS local privilege-escalation vulnerability that Microsoft and security researchers have shown can be exploited via manipulation of the Windows kernel’s WNF/NTFS interaction and pool-heap exploitation techniques to obtain SYSTEM-level access. Public materials describ...
CVE-2021-34484
CVE-2021-34484 is a Windows User Profile Service local privilege escalation caused by a race condition in CreateDirectoryJunction() that allowed a logged-on user to influence profile handling and load a malicious DLL with SYSTEM privileges. The vulnerability was initially patched but later bypass...
CVE-2021-33742
CVE-2021-33742 is a memory-corruption remote code execution vulnerability in Microsoft Windows MSHTML/Internet Explorer. The IE/MSHTML bugchain included a use-after-free (user-controlled callback between two actions) and a buffer overflow in MSHTML, enabling arbitrary code execution. In-the-wild ...
CVE-2021-36948
Technical details are not publicly provided in the available documents. The CVE is described as Windows Update Medic Service EoP, with some sources noting exploitation in the wild, but there is no concrete root cause, affected versions, or fix details here.
CVE-2021-31201
CVE-2021-31201 is a Windows privilege-escalation vulnerability affecting the Enhanced Cryptographic Provider . The available documents confirm it enables local privilege escalation (local access required) and classify the impact as elevation of privileges; exact root-cause details are not provide...
CVE-2021-31979
CVE-2021-31979 is a Windows kernel elevation-of-privilege vulnerability that affects multiple kernel components, with confirmed in-the-wild activity. Affected areas include NTOS kernel, Win32k, and ntfs.sys, indicating local privilege escalation via kernel-level flaws. Public documentation in the...
CVE-2021-34448
CVE-2021-34448 is a memory corruption vulnerability in the Microsoft Windows Scripting Engine (IE/JavaScript). Exploitation can be remote via a crafted web page or email, enabling code execution at the logged-on user level. Public analyses reference exploitation in the wild and Microsoft Patch Tu...
CVE-2021-31199
CVE-2021-31199 is a Windows Elevation of Privilege vulnerability in the Microsoft Enhanced Cryptographic Provider. The CVE affects Windows components and is driven by local exploitation (local access required) with low privileges needed, and no user interaction, but yields high impact on confiden...
CVE-2021-31955
CVE-2021-31955 is a Windows kernel information-disclosure vulnerability in ntoskrnl.exe related to the SuperFetch feature. By sending a SystemSuperfetchInformation query via NtQuerySystemInformation, an attacker can obtain the kernel address of the current process’s EPROCESS, which also contains ...
CVE-2022-21919
CVE-2022-21919 is a Windows User Profile Service elevation-of-privilege bug. Connected docs describe the root cause as improper validation in profext.dll’s CreateDirectoryJunction, enabling a directory junction attack to escalate to SYSTEM by abusing UI/UX (Narrator/consent.exe) and UAC. Some sou...
CVE-2021-33771
CVE-2021-33771 is a Windows Kernel Elevation of Privilege vulnerability affecting Windows kernels; multiple sources classify it as a local, low-complexity EoP with high impact. Several connected documents reference active exploitation in the wild or near-wild activity, including reports of target...
CVE-2021-36955
CVE-2021-36955 is a Windows privilege-escalation flaw in the Common Log File System (CLFS) driver. The vulnerability stems from the CLFS driver (clfs.sys) and enables local privilege escalation to SYSTEM when exploited. Connected guidance and threat intel cite this CVE alongside Windows CLFS-rela...
CVE-2022-26923
CVE-2022-26923 affects Microsoft Active Directory Domain Services with AD CS involvement. The vulnerability stems from certificates issued by AD CS where an attacker who manages computer accounts can modify the dNSHostName attribute to impersonate a Domain Controller in a certificate, enabling pr...
CVE-2023-38545
CVE-2023-38545 is a heap-based buffer overflow in curl/libcurl during SOCKS5 proxy hostname handling. When a long host name (over 255 bytes) is passed for proxy resolution, curl may copy the full hostname into the target buffer due to a race in a slow handshake, enabling arbitrary code execution....
CVE-2022-26904
CVE-2022-26904 is a Windows User Profile Service Elevation of Privilege vulnerability. The issue is a race-condition–driven LPE in the User Profile Service, with attacker-controlled code execution at SYSTEM granted by bypasses and PoCs described in public sources. A Metasploit module exists for t...
CVE-2022-22047
CVE-2022-22047 is a Windows CSRSS Elevation of Privilege vulnerability. The CSRSS component may allow a local attacker who can execute code on the target to gain SYSTEM privileges. Public exploitation has been reported; Microsoft’s July 2022 Patch Tuesday addressed this family of issues (CSRSS Eo...
CVE-2021-40450
CVE-2021-40450 is a Win32k elevation-of-privilege vulnerability (local, privilege escalation) in Windows. The CVE is described as a Win32k Privilege Escalation issue with high impact (confidentiality, integrity, availability) per CVSS 3.1/3.1 vector; attack is local and requires no user interacti...
CVE-2021-34486
CVE-2021-34486 is a Windows Event Tracing Elevation of Privilege vulnerability. The referenced data identify ETW as the affected component with a local attack vector and privilege escalation impact (CVE severity up to HIGH in CVSS‑3.1). Microsoft and related catalogs describe this as a Windows ET...
CVE-2022-34713
CVE-2022-34713 (DogWalk) is a remote code execution vulnerability in Microsoft Windows MSDT that is triggered when MSDT is invoked via the URL protocol from a calling application (e.g., Word). The CVSS 3.1 entry indicates a local attack vector with low attack complexity, no privileges required, b...
CVE-2023-36802
CVE-2023-36802 is an Elevation of Privilege vulnerability in the Microsoft Streaming Service Proxy (MSKSSRV.SYS). The connected documents identify the root cause as an object type confusion in the Windows kernel-mode driver, enabling local privilege escalation to SYSTEM on vulnerable Windows 10/1...
CVE-2024-38063
CVE-2024-38063 is a Windows IPv6/tcpip.sys vulnerability involving improper handling of IPv6 extension headers and fragmentation. Technical material in connected docs shows an integer underflow in the IPv6 fragment reassembly path (Ipv6pReassemblyTimeout) and a risky code path where IppSendErrorL...
CVE-2025-21298
CVE-2025-21298 is a Windows OLE use-after-free memory corruption vulnerability in ole32.dll (UtOlePresStmToContentsStm) that enables remote code execution via specially crafted RTF, including zero-click scenarios when previews are shown in Outlook. The issue arises from a double-free of the CONTE...
CVE-2023-21674
CVE-2023-21674 affects Windows Advanced Local Procedure Call (ALPC). The documented root cause is an Elevation of Privilege in ALPC that could enable browser sandbox escape and gain SYSTEM privileges. Public exploits exist (Kaspersky notes exploitation in the wild; a GitHub PoC is referenced), in...
CVE-2022-37969
CVE-2022-37969 is a local privilege escalation in Windows CLFS (clfs.sys). The provided connected exploit discussion describes an out-of-bounds/memory-spraying chain that corrupts CLFS kernel structures (notably pContainer in a CLFS container) via crafted .blf files and memory spraying, enabling ...
CVE-2022-41128
CVE-2022-41128 is a Windows Scripting Languages Remote Code Execution vulnerability in the JScript9 scripting language. Reports consistently describe a network-exploitable RCE where visiting a malicious site can trigger memory corruption and arbitrary code execution on affected Windows systems. E...
CVE-2022-41033
CVE-2022-41033 is a Windows Privilege Escalation affecting the COM+ Event System Service. The root cause is an improper privilege handling in the service, enabling a local attacker with low privileges to obtain SYSTEM level access, compromising confidentiality, integrity, and availability. The CV...
CVE-2023-24880
CVE-2023-24880 is a Windows SmartScreen Security Feature Bypass vulnerability. The Connected sources describe MOTW bypass via crafted files that can defeat SmartScreen/Protected View, enabling execution of malicious code without proper MOTW checks. Exploitation in the wild is mentioned in multipl...
CVE-2022-41073
CVE-2022-41073 — Windows Print Spooler Elevation of Privilege affects Windows Print Spooler. Connected docs note exploitation in the wild and public patching via Microsoft updates (Nov 2022 Patch Tuesday). Remediation is to apply the Microsoft update for CVE-2022-41073 per MSRC/update guidance in...
CVE-2022-41091
CVE-2022-41091 is a Windows security feature bypass in Mark of the Web (MOTW). The vulnerability allows bypassing MOTW protections, with a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L). Public sources note exploitation in the wild and patches are delivered via Microsoft’s upda...
CVE-2022-41049
CVE-2022-41049 refers to a Windows Mark of the Web (MotW) security feature bypass vulnerability. Affected: Windows MotW handling; Root cause: bypass of MotW checks that normally protect against untrusted content. Impact: limited loss of integrity and availability of security features; exploitatio...
CVE-2024-38124
CVE-2024-38124 is a Windows Netlogon Elevation of Privilege vulnerability. The provided exploitation context shows an attacker with network access on an AD domain can craft Netlogon messages to impersonate machines (including DCs), enabling privilege escalation and potential full AD compromise. A...
CVE-2022-41125
CVE-2022-41125 affects Windows CNG Key Isolation Service (Windows Cryptographic Next Generation). The underlying issue is an Elevation of Privilege in that service, enabling an authenticated attacker to gain SYSTEM privileges. Patch guidance is to install the Microsoft updates for this CVE (per M...
CVE-2023-36563
CVE-2023-36563 refers to a Microsoft WordPad Information Disclosure vulnerability. The connected materials confirm that exploitation could disclose NTLM hashes when a user opens a specially crafted file or if an attacker has access to the host, with signs of exploitation in the wild cited by Patc...