1844 matches found
CVE-2024-38217
CVE-2024-38217 is a security feature bypass in Microsoft Windows Mark of the Web (MOTW). The vulnerability allows bypassing MOTW protections when opening booby-trapped Office files, as discussed in multiple sources. Exploitation details are not fully disclosed in the provided documents, but the C...
CVE-2024-21437
CVE-2024-21437 is a Windows Graphics Component elevation-of-privilege vulnerability (local access, low attack complexity) affecting Windows OS. Public references corroborate it as a Windows Graphics Component issue discussed among Patch Tuesday updates, highlighting it among elevated-risk vulnera...
CVE-2024-30073
CVE-2024-30073 is a Windows Security Zone Mapping security feature bypass vulnerability. The public records show a CVSS v3.1 base score of 7.8 (High) with Local attack vector, low attack complexity, no privileges required, but user interaction required, and impact to confidentiality, integrity, a...
CVE-2023-36424
CVE-2023-36424 is documented as a Windows kernel-level out-of-bounds read vulnerability in the Common Log File System Driver (clfs.sys) that enables privilege escalation. Connected sources describe a pool overflow/record-validation flaw in clfs.sys (Windows Kernel pool management) exploited via c...
CVE-2025-21181
Technical details (affected products/versions, root cause, exploitability, fixes) for CVE-2025-21181 are not provided in the supplied documents. Please monitor official advisories for concrete technical information.
CVE-2024-21427
CVE-2024-21427 is a Windows Kerberos Security Feature Bypass vulnerability. The CVSSv3.1 base score is 7.5 (High): Vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network exploitation with high impact to confidentiality, integrity, and availability. The attack vector is network, requiring ...
CVE-2024-29056
CVE-2024-29056 is a Windows authentication elevation-of-privilege issue. Public data shows a CVSSv3.1 base score of 4.3 (Medium) with a network attack vector, low attack complexity, and requiring low privileges with no user interaction. The vulnerability’s impact is listed as obtaining increased ...
CVE-2025-24984
CVE-2025-24984 is an NTFS information-disclosure vulnerability in Windows NTFS caused by insertion of sensitive data into a log file, potentially leaking heap memory when a physical medium is mounted or accessed. CVSS v3.1 vector: AV=Physical/AC=L/PR=None/UI=None/S=Unchanged/C=High/I=None/A=None;...
CVE-2024-20659
CVE-2024-20659 is a Windows Hyper-V security feature bypass vulnerability. The connected records place this CVE under Windows Hyper-V with an impact described as “Circumvention of security measure” and a base assessment around High severity, indicating an attacker could bypass security features i...
CVE-2024-30085
CVE-2024-30085 affects Windows Cloud Files Mini Filter Driver (cldflt.sys). The root cause is a heap-based buffer overflow (CWE-122) enabling Elevation of Privilege to SYSTEM. Public PoCs/exploit code and a private TyphoonPWN 2024 exploit chain have been reported, with exploitation demonstrations...
CVE-2024-21372
Technical details for CVE-2024-21372 are not publicly available in the provided documents. The connected items only reference the CVE among broader Windows vulnerability listings; no affected product/version, root cause, impact, or fixes are stated.
CVE-2024-26166
Technical details about CVE-2024-26166 (affected software, root cause, impact, or fixes) are not provided in the connected documents. Please monitor for official advisories from Microsoft and CVE records for updates.
CVE-2024-38107
CVE-2024-38107 is a Windows Privilege Escalation vulnerability in the Power Dependency Coordinator. Affected component: Windows Power Dependency Coordinator. Impact: local attacker with low privileges can obtain SYSTEM privileges (vector: local, no user interaction). Root cause details are not pr...
CVE-2024-38118
Technical details (affected component, root cause, exploit info, patch status) for CVE-2024-38118 are not provided in the connected documents. The initial description notes LSA server information disclosure but lacks concrete specifics; monitor for updates.
CVE-2024-21433
Technical details for CVE-2024-21433 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified here. Monitor for updates.
CVE-2025-24991
CVE-2025-24991 is an NTFS out-of-bounds read vulnerability in Windows that can disclose local information after mounting a malicious VHD. Exploitation requires local access and user interaction (per CVSS) or mounting a crafted disk image (per patch-cycle reporting). Microsoft has issued updates; ...
CVE-2024-26162
CVE-2024-26162 corresponds to a remote code execution vulnerability in the Microsoft ODBC Driver. The CVSS 3.1 base metrics indicate: Network attack vector, low attack complexity, no privileges required, user interaction is required, and there is a High impact to confidentiality, integrity, and a...
CVE-2025-30400
CVE-2025-30400 is a Windows DWM Core Library use-after-free vulnerability that enables local privilege escalation. Affected: Windows DWM Core Library components; exploit could grant SYSTEM-level privileges. CVSS v3.1 indicates high risk (local, user interaction none, privileges required low, conf...
CVE-2024-49113
CVE-2024-49113 is a Windows LDAP Denial-of-Service vulnerability affecting the LDAP client. Public PoCs exist (e.g., LDAPNightmare) and show proof-of-concept testing integrated with Metasploit and other repositories; multiple exploit/checker projects also reference testing for this CVE. The descr...
CVE-2025-30397
CVE-2025-30397 is a memory-corruption/Use-After-Free style vulnerability in the Microsoft Scripting Engine (jscript.dll) that enables remote code execution via specially crafted web content. The CVE’s affected component is the JScript/Windows Scripting Engine, with an attack vector over the netwo...
CVE-2024-21370
Public technical details for CVE-2024-21370 are not provided in the connected documents; the OpenVAS entries enumerate the CVE across multiple Microsoft KBs without product/version specifics. Monitor for updates.
CVE-2024-21420
Technical details about CVE-2024-21420 are not publicly provided in the supplied documents. The connected sources reference the CVE ID and Microsoft patches but do not disclose affected product specifics, root cause, impact, or remediation beyond generic update context. Monitor for updates.
CVE-2024-26234
CVE-2024-26234 is a locally exploitable proxy driver spoofing vulnerability in Windows. The issue is tied to the Windows Proxy Driver, with exploitation requiring high privileges and no user interaction, leading to potential confidentiality, integrity, and availability impacts as indicated by the...
CVE-2024-21350
CVE-2024-21350 corresponds to a Remote Code Execution vulnerability in the Microsoft WDAC OLE DB provider for SQL Server. The entry lists a CVSS v3.1 base score of 8.8 (HIGH), with attack vector NETWORK, privileges required NONE, user interaction REQUIRED, and both confidentiality, integrity, and...
CVE-2024-21358
Technical details about CVE-2024-21358 (Microsoft WDAC OLE DB provider for SQL Server remote code execution) are not provided in the supplied documents. Monitor for official updates from Microsoft and trusted security advisories for affected products, mitigations, and fixes.
CVE-2021-43226
CVE-2021-43226 pertains to the Windows Common Log File System (CLFS) Driver. The available documents identify a local privilege-escalation vulnerability in CLFS that could allow a privileged attacker on a Windows host to gain higher privileges. The CVE is listed in the KEV catalog as a Microsoft ...
CVE-2023-29363
CVE-2023-29363 is a Windows Pragmatic General Multicast (PGM) Remote Code Execution vulnerability. The issue affects Windows message queuing in PGM server scenarios, where a remote, unauthenticated attacker could send a crafted file over the network to achieve code execution if the message-queuin...
CVE-2024-26174
CVE-2024-26174 is a Windows Kernel Information Disclosure Vulnerability. The connected sources specify the issue as an out-of-bounds read of key node security in CmpValidateHiveSecurityDescriptors when loading corrupted registry hives, enabling potential leakage of kernel/registry data. Affected ...
CVE-2024-21352
Technical details for CVE-2024-21352 are not publicly available in the provided documents; monitor for updates.
CVE-2024-21369
Technical details for CVE-2024-21369 are not publicly provided in the supplied documents. Monitor for updates from Microsoft and vulnerability feeds.
CVE-2024-21359
Technical details for CVE-2024-21359 are not provided in the connected documents. The available data only references a WDAC OLE DB provider RCE vulnerability. Monitor for official advisories to learn affected products, impact, and remediation.
CVE-2024-21375
Technical details for CVE-2024-21375 are not publicly available in the provided documents. Monitor for updates as more information may be published.
CVE-2024-21349
Technical details for CVE-2024-21349 (Microsoft ActiveX Data Objects remote code execution) are not provided in the connected documents; no affected versions, root cause, impact, or remediation are cited. Monitor for updates.
CVE-2024-21361
Technical details for CVE-2024-21361 are not publicly provided in the supplied documents; monitor for updates.
CVE-2024-21344
CVE-2024-21344 is described as a Windows NAT Denial of Service vulnerability with CVSS v3.1 base score 5.9 (Network attack, High attack complexity, No privileges, No user interaction, Availability impact). The available connected documents do not specify affected products/versions, root cause det...
CVE-2024-21430
CVE-2024-21430 is a Windows vulnerability described as a Remote Code Execution via the Windows USB Attached SCSI (UAS) protocol. The UAS handling issue is the stated root cause, with impact described as high confidentiality, integrity, and availability (per NVD metrics: CVSS 3.1 base score 6.4; a...
CVE-2024-26173
Technical details about CVE-2024-26173 are not provided in the connected documents. The materials discuss Windows registry and kernel context at a high level without concrete affected components, root cause, impact specifics, or patches. Monitor updates for official disclosures.
CVE-2024-21365
CVE-2024-21365 affects the Microsoft WDAC OLE DB provider for SQL Server and is a Remote Code Execution vulnerability. It has a CVSS v3.1 base score of 8.8 (High) with Network attack vector, Low attack complexity, No privileges required, and User interaction required; impacts Confidentiality, Int...
CVE-2024-21405
CVE-2024-21405 is a Microsoft Message Queuing (MSMQ) elevation of privilege vulnerability listed among February 2024 Windows security updates (KB5034830/KB5034819/etc.). Affected component: MSMQ on Windows. Root cause and exact exploit mechanism are not detailed in the provided documents beyond t...
CVE-2025-21413
CVE-2025-21413 is a Windows Telephony Service remote code execution vulnerability. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates network access, no privileges, user interaction required, with high impact to confidentiality, integrity, and availability. Connected sources conf...
CVE-2024-20696
CVE-2024-20696 affects Windows: a Remote Code Execution vulnerability in the libarchive component. The root cause is a heap-based buffer overflow in libarchive handling Windows inputs, enabling a local attacker with low privileges and user interaction to potentially execute code. The referenced m...
CVE-2024-21391
CVE-2024-21391 affects Microsoft WDAC OLE DB provider for SQL Server and is described as a Remote Code Execution vulnerability. The initial document provides a CVSS 3.1 base score of 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and user interaction required. No specific remediati...
CVE-2024-21446
CVE-2024-21446 is an NTFS Elevation of Privilege vulnerability. The NVD entry indicates a local, low-attack-complexity flaw in NTFS that yields a high impact on confidentiality, integrity, and availability (C:H, I:H, A:H) with a base score of 7.8 (Microsoft-reported). Exploitation is listed as lo...
CVE-2024-21450
CVE-2024-21450 concerns the Microsoft WDAC OLE DB provider for SQL Server and is a remote code execution vulnerability. The CVSS 3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and requires user interaction. The impact is rated as high for confidentiality, integrit...
CVE-2024-21347
Technical details for CVE-2024-21347 are not provided in the connected documents. Monitor for updates and published fixes or advisories once available.
CVE-2024-21367
Technical details for CVE-2024-21367 are not provided in the connected documents. Public information about affected components, root cause, or fixes is not included here. Monitor for updates from the vendor/Microsoft and add any official advisories when available.
CVE-2024-21441
CVE-2024-21441 affects the Microsoft WDAC OLE DB provider for SQL Server and is a Remote Code Execution vulnerability. The NVD entry rates it High (CVSS 3.1: 8.8) with NETWORK vector, LOW attack complexity, NONE privileges, and user interaction required; impacts on confidentiality, integrity, and...
CVE-2024-21406
Technical details about CVE-2024-21406 are not publicly provided in the supplied documents. No affected product/version/impact specifics are given beyond the generic description. Monitor for updates from official advisories.
CVE-2024-26197
Technical details about CVE-2024-26197 are not publicly provided in the connected documents. Monitor for updates from official sources for affected products, versions, impact, and fixes.
CVE-2024-29050
CVE-2024-29050 is confirmed to affect Windows Cryptographic Services and is categorized as a Remote Code Execution (RCE) vulnerability. The connected documents identify the component and vulnerability name but do not provide explicit root-cause specifics, affected product versions, or remediation...