Microsoft
Monthly
Windows SMB Server's authentication mechanism can be bypassed by local authenticated users to gain elevated privileges on affected systems. This high-severity vulnerability (CVSS 7.8) impacts confidentiality, integrity, and availability, though no patch is currently available. Organizations should implement compensating controls and monitor for exploitation attempts targeting this authentication weakness.
Azure IoT Explorer is vulnerable to server-side request forgery that enables unauthenticated network-based attackers to perform spoofing attacks and access sensitive information. The vulnerability requires no user interaction and can be exploited remotely with low attack complexity, affecting the confidentiality of exposed data. No patch is currently available.
Authenticated users can exploit a server-side request forgery vulnerability in Azure MCP Server to escalate their privileges across the network, potentially gaining unauthorized access to sensitive resources. The vulnerability affects Microsoft Azure environments and requires only low attack complexity with no user interaction, making it a significant risk for organizations using this service. No patch is currently available, leaving affected systems exposed to exploitation.
Privilege escalation in Microsoft Azure Connected Machine Agent on Windows allows local authenticated users to bypass authentication mechanisms and gain elevated system privileges. An attacker with existing local access can exploit alternate authentication paths to escalate their permissions without user interaction. No patch is currently available for this vulnerability affecting Arc Enabled Servers.
Remote code execution in Microsoft SharePoint Server through unsafe deserialization of untrusted data allows authenticated attackers to execute arbitrary code with high privileges over the network. The vulnerability requires valid user credentials but no user interaction, making it exploitable by any authorized account. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Unsafe pointer dereference in Microsoft Office, SharePoint Server, and 365 Apps enables local code execution with high privileges on affected systems. An attacker with local access can exploit this memory safety flaw to achieve complete system compromise including data theft and modification. No patch is currently available, leaving users vulnerable until Microsoft releases a security update.
Microsoft Excel and Office products are vulnerable to local code execution through unsafe pointer dereferencing, requiring user interaction to trigger. An attacker with local access can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available, leaving users of affected Office versions at risk.
Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.
Local code execution in Microsoft Office and 365 Apps stems from a type confusion vulnerability in memory handling that allows unauthenticated attackers to execute arbitrary code with system privileges. The vulnerability affects Office Long Term Servicing Channel deployments and requires only local access with no user interaction to trigger. No patch is currently available, making this a critical risk for organizations running affected Office versions.
Arbitrary code execution in Microsoft Office Excel and related products (Office Online Server, 365 Apps) via out-of-bounds memory read allows local attackers to achieve complete system compromise without requiring user interaction or elevated privileges. This high-severity vulnerability affects multiple Microsoft Office components and currently lacks a security patch. An attacker with local access can exploit memory corruption to execute malicious code with full system permissions.
Heap buffer overflow in Microsoft Office Excel enables local code execution with high integrity and confidentiality impact affecting Office, Office Online Server, and 365 Apps. An attacker with user interaction can achieve arbitrary code execution in the context of the affected application. No patch is currently available for this vulnerability.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Remote code execution in Microsoft SharePoint Server allows authenticated users to bypass input validation and execute arbitrary code across the network. This high-severity vulnerability (CVSS 8.8) affects authorized attackers who can leverage improper validation controls to achieve full system compromise. No patch is currently available, making immediate mitigation and access controls critical for affected organizations.
Microsoft SharePoint Server contains a reflected cross-site scripting vulnerability that allows remote attackers to execute arbitrary scripts in users' browsers through malicious links, enabling spoofing attacks and credential theft. The vulnerability requires user interaction to trigger and affects all SharePoint deployments with no available patch. With a CVSS score of 8.1, this poses a significant risk to organizations relying on SharePoint for collaboration.
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Windows Winlogon's failure to properly validate symbolic links before file access enables local privilege escalation on affected Windows Server and Windows 10/11 systems. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available for this high-severity issue affecting multiple Windows versions including Server 2025 and Windows 11 26h1.
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.
Microsoft Graphics Component contains an out-of-bounds read vulnerability affecting Windows 10 1607, Windows Server 2019, and 2022, enabling local attackers to read sensitive information from memory. The vulnerability requires user interaction and local access, posing a confidentiality risk without offering a currently available patch. Attack complexity is low, making it a practical concern for systems running affected Office and Windows versions.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.
Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.
Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.
Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.
Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.
Privilege escalation in Microsoft's Brokering File System on Windows 11 (24h2 and 25h2) stems from a use-after-free vulnerability that allows local attackers to gain elevated system privileges. An attacker with local access can exploit memory corruption to execute arbitrary code with higher privileges, potentially compromising system integrity. No patch is currently available for this vulnerability.
Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.
Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.
Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.
Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.
Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.
Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.
Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.
Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Privilege escalation in Windows 11 (24h2, 26h1) and Windows Server 2022 (23h2) via heap overflow allows authenticated local users to gain system-level access. The vulnerability requires valid credentials but no user interaction, making it a direct path to complete system compromise. No patch is currently available.
Windows Push Message Routing Service contains an out-of-bounds read vulnerability that enables authenticated local users to access sensitive information on affected systems running Windows 10 and Windows 11. The vulnerability requires valid credentials to exploit and poses a confidentiality risk, though no patch is currently available. This affects multiple Windows versions including 21H2, 22H2, and 23H2 releases.
Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.
Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.
Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.
Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Privilege escalation in Azure Linux Virtual Machines results from a heap-based buffer overflow that authenticated local users can exploit to gain elevated system access. An attacker with valid credentials can trigger memory corruption to bypass privilege restrictions and assume administrative control of the affected virtual machine. No patch is currently available, making this a critical risk for organizations running Azure Linux infrastructure.
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate their privileges. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions on the system. No patch is currently available for this issue.
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. [CVSS 7.5 HIGH]
'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. [CVSS 6.7 MEDIUM]
Unauthorized information disclosure in Azure Compute Gallery occurs due to insecure default initialization settings that authenticated users can exploit to access sensitive data remotely. An authorized attacker can leverage this vulnerability to read confidential information without requiring user interaction. No patch is currently available for Microsoft products and ACI Confidential Containers.
Privilege escalation in Azure Compute Gallery's regex validation enables high-privileged local users to gain unauthorized system access on affected Microsoft and ACI Confidential Containers systems. An authenticated attacker with elevated permissions can exploit the permissive pattern matching to bypass security controls and achieve full system compromise. No patch is currently available, making this a medium-severity risk for environments running vulnerable versions.
RCE in Microsoft Devices Pricing Program.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
RustDesk Server Pro through version 1.7.5 transmits sensitive address book credentials in cleartext over the network heartbeat synchronization API, enabling attackers to intercept and obtain authentication credentials without authentication. The vulnerability affects Windows, macOS, and Linux deployments where the address book sync functionality is enabled. No patch is currently available.
RustDesk Client through version 1.4.5 transmits sensitive preset address book credentials in cleartext during heartbeat synchronization, enabling network eavesdropping attacks across Windows, macOS, Linux, iOS, and Android platforms. An attacker positioned to intercept network traffic can capture authentication credentials by sniffing the unencrypted JSON payload. No patch is currently available for this high-severity vulnerability (CVSS 8.7).
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
RustDesk Client through version 1.4.5 on Windows, macOS, and Linux uses weak password hashing and improper object prototype handling in its password security and configuration encryption modules, allowing local authenticated attackers to extract embedded sensitive data including passwords and machine identifiers. The vulnerability affects critical cryptographic functions including symmetric_crypt() and decrypt_str_or_original(), enabling attackers with local access and valid credentials to compromise encrypted credentials and system identifiers. No patch is currently available.
Privilege escalation in RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android allows unauthenticated remote attackers to abuse API sync and configuration management functions. The vulnerability in the rendezvous mediator and HTTP sync modules enables attackers to gain elevated privileges without user interaction. No patch is currently available for affected users.
RustDesk Server Pro through version 1.7.5 uses weak cryptographic algorithms in configuration string generation and web console export functions, enabling attackers to extract sensitive embedded data from exported configurations. This vulnerability affects Windows, macOS, and Linux deployments and requires no authentication or user interaction to exploit. No patch is currently available.
RustDesk Client through version 1.4.5 uses a broken cryptographic algorithm that allows attackers to retrieve sensitive embedded data during config import, URI scheme handling, or CLI operations across Windows, macOS, Linux, iOS, Android, and web clients. An unauthenticated remote attacker can exploit this vulnerability without user interaction to extract sensitive configuration information. No patch is currently available for this high-severity vulnerability.
In Microsoft Exchange versions up to 2019 is affected by cleartext transmission of sensitive information (CVSS 7.5).
Local denial of service in Windows CLFS.sys driver allows unprivileged users to crash the system through improper handling of special elements. Affected versions include Windows 11 2024 LTSC and Windows Server 2025 prior to the September 2025 cumulative update, while Windows 25H2 and later contain the patch. No public exploit code is currently available, and the vulnerability carries a CVSS score of 5.5 with zero estimated probability of exploitation.
ADB Explorer through version 0.9.26020 fails to validate user-supplied directory paths, enabling local attackers to trigger recursive deletion of arbitrary filesystem directories including critical system and user folders. An attacker can exploit this by crafting a malicious shortcut or script that launches the application with a sensitive path argument, causing permanent data loss when the application processes the ClearDrag() function at startup or exit. Any user tricked into launching ADB Explorer via a weaponized shortcut or batch file faces complete loss of targeted directories such as Documents or user profile folders.
Microsoft Teams contains an access control vulnerability that enables unauthenticated remote attackers to extract sensitive information without user interaction. The flaw affects Teams deployments and carries a high severity rating, though no patch is currently available. Exploitation requires only network access with no additional prerequisites, making this a significant risk for organizations using the platform.
Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.
Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileges on affected Windows systems. An attacker with valid credentials could exploit this weakness to escalate their access level without additional user interaction. A patch is available to remediate this high-severity vulnerability.
Microsoft Defender for Endpoint on Linux contains a code injection vulnerability that enables adjacent network attackers to execute arbitrary code without authentication. The flaw affects multiple platforms and carries high severity (CVSS 8.8) with no patch currently available. An attacker on the local network could achieve complete system compromise through this unauthenticated attack vector.
Windows Remote Desktop contains an improper privilege management vulnerability (CVE-2026-21533, CVSS 7.8) enabling authorized local attackers to escalate to SYSTEM. KEV-listed, this vulnerability in the RDP subsystem is particularly concerning in environments where Remote Desktop is widely used, as it can be chained with RDP session access for complete system compromise.
Microsoft Exchange Server is vulnerable to UI spoofing attacks that allow unauthenticated remote attackers to misrepresent critical information and deceive users. The vulnerability has a CVSS score of 6.5 and currently lacks an available patch, leaving affected systems exposed to social engineering and impersonation attacks. Organizations running Exchange Server should implement network-level protections and monitor for suspicious activity until a fix is released.
Windows Remote Access Connection Manager contains a null pointer dereference flaw affecting Windows 10 (versions 1809 and 21h2) and Windows 11 (version 23h2) that has been confirmed as actively exploited. A local attacker can trigger a denial of service condition without requiring authentication or user interaction. No patch is currently available for this vulnerability.
Windows SMB Server's authentication mechanism can be bypassed by local authenticated users to gain elevated privileges on affected systems. This high-severity vulnerability (CVSS 7.8) impacts confidentiality, integrity, and availability, though no patch is currently available. Organizations should implement compensating controls and monitor for exploitation attempts targeting this authentication weakness.
Azure IoT Explorer is vulnerable to server-side request forgery that enables unauthenticated network-based attackers to perform spoofing attacks and access sensitive information. The vulnerability requires no user interaction and can be exploited remotely with low attack complexity, affecting the confidentiality of exposed data. No patch is currently available.
Authenticated users can exploit a server-side request forgery vulnerability in Azure MCP Server to escalate their privileges across the network, potentially gaining unauthorized access to sensitive resources. The vulnerability affects Microsoft Azure environments and requires only low attack complexity with no user interaction, making it a significant risk for organizations using this service. No patch is currently available, leaving affected systems exposed to exploitation.
Privilege escalation in Microsoft Azure Connected Machine Agent on Windows allows local authenticated users to bypass authentication mechanisms and gain elevated system privileges. An attacker with existing local access can exploit alternate authentication paths to escalate their permissions without user interaction. No patch is currently available for this vulnerability affecting Arc Enabled Servers.
Remote code execution in Microsoft SharePoint Server through unsafe deserialization of untrusted data allows authenticated attackers to execute arbitrary code with high privileges over the network. The vulnerability requires valid user credentials but no user interaction, making it exploitable by any authorized account. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Unsafe pointer dereference in Microsoft Office, SharePoint Server, and 365 Apps enables local code execution with high privileges on affected systems. An attacker with local access can exploit this memory safety flaw to achieve complete system compromise including data theft and modification. No patch is currently available, leaving users vulnerable until Microsoft releases a security update.
Microsoft Excel and Office products are vulnerable to local code execution through unsafe pointer dereferencing, requiring user interaction to trigger. An attacker with local access can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available, leaving users of affected Office versions at risk.
Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise.
Local code execution in Microsoft Office and 365 Apps stems from a type confusion vulnerability in memory handling that allows unauthenticated attackers to execute arbitrary code with system privileges. The vulnerability affects Office Long Term Servicing Channel deployments and requires only local access with no user interaction to trigger. No patch is currently available, making this a critical risk for organizations running affected Office versions.
Arbitrary code execution in Microsoft Office Excel and related products (Office Online Server, 365 Apps) via out-of-bounds memory read allows local attackers to achieve complete system compromise without requiring user interaction or elevated privileges. This high-severity vulnerability affects multiple Microsoft Office components and currently lacks a security patch. An attacker with local access can exploit memory corruption to execute malicious code with full system permissions.
Heap buffer overflow in Microsoft Office Excel enables local code execution with high integrity and confidentiality impact affecting Office, Office Online Server, and 365 Apps. An attacker with user interaction can achieve arbitrary code execution in the context of the affected application. No patch is currently available for this vulnerability.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Remote code execution in Microsoft SharePoint Server allows authenticated users to bypass input validation and execute arbitrary code across the network. This high-severity vulnerability (CVSS 8.8) affects authorized attackers who can leverage improper validation controls to achieve full system compromise. No patch is currently available, making immediate mitigation and access controls critical for affected organizations.
Microsoft SharePoint Server contains a reflected cross-site scripting vulnerability that allows remote attackers to execute arbitrary scripts in users' browsers through malicious links, enabling spoofing attacks and credential theft. The vulnerability requires user interaction to trigger and affects all SharePoint deployments with no available patch. With a CVSS score of 8.1, this poses a significant risk to organizations relying on SharePoint for collaboration.
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Windows Winlogon's failure to properly validate symbolic links before file access enables local privilege escalation on affected Windows Server and Windows 10/11 systems. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available for this high-severity issue affecting multiple Windows versions including Server 2025 and Windows 11 26h1.
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.
Microsoft Graphics Component contains an out-of-bounds read vulnerability affecting Windows 10 1607, Windows Server 2019, and 2022, enabling local attackers to read sensitive information from memory. The vulnerability requires user interaction and local access, posing a confidentiality risk without offering a currently available patch. Attack complexity is low, making it a practical concern for systems running affected Office and Windows versions.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.
Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.
Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.
Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.
Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.
Privilege escalation in Microsoft's Brokering File System on Windows 11 (24h2 and 25h2) stems from a use-after-free vulnerability that allows local attackers to gain elevated system privileges. An attacker with local access can exploit memory corruption to execute arbitrary code with higher privileges, potentially compromising system integrity. No patch is currently available for this vulnerability.
Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.
Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.
Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.
Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.
Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.
Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.
Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.
Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Privilege escalation in Windows 11 (24h2, 26h1) and Windows Server 2022 (23h2) via heap overflow allows authenticated local users to gain system-level access. The vulnerability requires valid credentials but no user interaction, making it a direct path to complete system compromise. No patch is currently available.
Windows Push Message Routing Service contains an out-of-bounds read vulnerability that enables authenticated local users to access sensitive information on affected systems running Windows 10 and Windows 11. The vulnerability requires valid credentials to exploit and poses a confidentiality risk, though no patch is currently available. This affects multiple Windows versions including 21H2, 22H2, and 23H2 releases.
Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.
Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.
Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.
Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Privilege escalation in Azure Linux Virtual Machines results from a heap-based buffer overflow that authenticated local users can exploit to gain elevated system access. An attacker with valid credentials can trigger memory corruption to bypass privilege restrictions and assume administrative control of the affected virtual machine. No patch is currently available, making this a critical risk for organizations running Azure Linux infrastructure.
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate their privileges. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions on the system. No patch is currently available for this issue.
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. [CVSS 7.5 HIGH]
'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. [CVSS 6.7 MEDIUM]
Unauthorized information disclosure in Azure Compute Gallery occurs due to insecure default initialization settings that authenticated users can exploit to access sensitive data remotely. An authorized attacker can leverage this vulnerability to read confidential information without requiring user interaction. No patch is currently available for Microsoft products and ACI Confidential Containers.
Privilege escalation in Azure Compute Gallery's regex validation enables high-privileged local users to gain unauthorized system access on affected Microsoft and ACI Confidential Containers systems. An authenticated attacker with elevated permissions can exploit the permissive pattern matching to bypass security controls and achieve full system compromise. No patch is currently available, making this a medium-severity risk for environments running vulnerable versions.
RCE in Microsoft Devices Pricing Program.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
RustDesk Server Pro through version 1.7.5 transmits sensitive address book credentials in cleartext over the network heartbeat synchronization API, enabling attackers to intercept and obtain authentication credentials without authentication. The vulnerability affects Windows, macOS, and Linux deployments where the address book sync functionality is enabled. No patch is currently available.
RustDesk Client through version 1.4.5 transmits sensitive preset address book credentials in cleartext during heartbeat synchronization, enabling network eavesdropping attacks across Windows, macOS, Linux, iOS, and Android platforms. An attacker positioned to intercept network traffic can capture authentication credentials by sniffing the unencrypted JSON payload. No patch is currently available for this high-severity vulnerability (CVSS 8.7).
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
RustDesk Client through version 1.4.5 on Windows, macOS, and Linux uses weak password hashing and improper object prototype handling in its password security and configuration encryption modules, allowing local authenticated attackers to extract embedded sensitive data including passwords and machine identifiers. The vulnerability affects critical cryptographic functions including symmetric_crypt() and decrypt_str_or_original(), enabling attackers with local access and valid credentials to compromise encrypted credentials and system identifiers. No patch is currently available.
Privilege escalation in RustDesk Client through version 1.4.5 on Windows, macOS, Linux, iOS, and Android allows unauthenticated remote attackers to abuse API sync and configuration management functions. The vulnerability in the rendezvous mediator and HTTP sync modules enables attackers to gain elevated privileges without user interaction. No patch is currently available for affected users.
RustDesk Server Pro through version 1.7.5 uses weak cryptographic algorithms in configuration string generation and web console export functions, enabling attackers to extract sensitive embedded data from exported configurations. This vulnerability affects Windows, macOS, and Linux deployments and requires no authentication or user interaction to exploit. No patch is currently available.
RustDesk Client through version 1.4.5 uses a broken cryptographic algorithm that allows attackers to retrieve sensitive embedded data during config import, URI scheme handling, or CLI operations across Windows, macOS, Linux, iOS, Android, and web clients. An unauthenticated remote attacker can exploit this vulnerability without user interaction to extract sensitive configuration information. No patch is currently available for this high-severity vulnerability.
In Microsoft Exchange versions up to 2019 is affected by cleartext transmission of sensitive information (CVSS 7.5).
Local denial of service in Windows CLFS.sys driver allows unprivileged users to crash the system through improper handling of special elements. Affected versions include Windows 11 2024 LTSC and Windows Server 2025 prior to the September 2025 cumulative update, while Windows 25H2 and later contain the patch. No public exploit code is currently available, and the vulnerability carries a CVSS score of 5.5 with zero estimated probability of exploitation.
ADB Explorer through version 0.9.26020 fails to validate user-supplied directory paths, enabling local attackers to trigger recursive deletion of arbitrary filesystem directories including critical system and user folders. An attacker can exploit this by crafting a malicious shortcut or script that launches the application with a sensitive path argument, causing permanent data loss when the application processes the ClearDrag() function at startup or exit. Any user tricked into launching ADB Explorer via a weaponized shortcut or batch file faces complete loss of targeted directories such as Documents or user profile folders.
Microsoft Teams contains an access control vulnerability that enables unauthenticated remote attackers to extract sensitive information without user interaction. The flaw affects Teams deployments and carries a high severity rating, though no patch is currently available. Exploitation requires only network access with no additional prerequisites, making this a significant risk for organizations using the platform.
Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.
Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileges on affected Windows systems. An attacker with valid credentials could exploit this weakness to escalate their access level without additional user interaction. A patch is available to remediate this high-severity vulnerability.
Microsoft Defender for Endpoint on Linux contains a code injection vulnerability that enables adjacent network attackers to execute arbitrary code without authentication. The flaw affects multiple platforms and carries high severity (CVSS 8.8) with no patch currently available. An attacker on the local network could achieve complete system compromise through this unauthenticated attack vector.
Windows Remote Desktop contains an improper privilege management vulnerability (CVE-2026-21533, CVSS 7.8) enabling authorized local attackers to escalate to SYSTEM. KEV-listed, this vulnerability in the RDP subsystem is particularly concerning in environments where Remote Desktop is widely used, as it can be chained with RDP session access for complete system compromise.
Microsoft Exchange Server is vulnerable to UI spoofing attacks that allow unauthenticated remote attackers to misrepresent critical information and deceive users. The vulnerability has a CVSS score of 6.5 and currently lacks an available patch, leaving affected systems exposed to social engineering and impersonation attacks. Organizations running Exchange Server should implement network-level protections and monitor for suspicious activity until a fix is released.
Windows Remote Access Connection Manager contains a null pointer dereference flaw affecting Windows 10 (versions 1809 and 21h2) and Windows 11 (version 23h2) that has been confirmed as actively exploited. A local attacker can trigger a denial of service condition without requiring authentication or user interaction. No patch is currently available for this vulnerability.