Skip to main content

Windows Server 2019

4241 CVEs product

Monthly

CVE-2026-25172 HIGH POC PATCH This Week

Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.

Microsoft Buffer Overflow Heap Overflow Windows Server 2022 Windows Server 2012 +5
NVD VulDB GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25171 HIGH PATCH This Week

Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 10 22h2 +14
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25169 MEDIUM PATCH This Month

A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.

Microsoft Authentication Bypass Windows 10 1607 Windows 11 25h2 Windows 11 26h1 +11
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-25168 MEDIUM PATCH This Month

Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.

Microsoft Null Pointer Dereference Denial Of Service Windows 10 21h2 Windows Server 2016 +12
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-25166 HIGH PATCH This Week

Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.

Deserialization Microsoft Windows 11 23h2 Windows Server 2019 Windows Server 2022 23h2 +10
NVD VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2026-25165 HIGH PATCH This Week

Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.

Null Pointer Dereference Microsoft Denial Of Service Windows Server 2019 Windows 11 26h1 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24297 MEDIUM PATCH This Month

Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.

Race Condition Microsoft Authentication Bypass Windows Server 2012 Windows 10 1607 +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24296 HIGH PATCH This Week

Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.

Race Condition Microsoft Information Disclosure Windows Server 2022 23h2 Windows Server 2019 +13
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24295 HIGH PATCH This Week

Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.

Race Condition Microsoft Information Disclosure Windows Server 2022 23h2 Windows 11 24h2 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24294 HIGH PATCH This Week

Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24292 HIGH PATCH This Week

Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.

Use After Free Denial Of Service Memory Corruption Windows 10 22h2 Windows 11 25h2 +10
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24291 HIGH PATCH This Week

Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.

Information Disclosure Microsoft Windows Server 2022 Windows 11 25h2 Windows 11 23h2 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24290 HIGH PATCH This Week

Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.

Microsoft Authentication Bypass Windows 11 24h2 Windows Server 2022 23h2 Windows 11 26h1 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24289 HIGH PATCH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Use After Free Microsoft Denial Of Service Memory Corruption Windows 10 22h2 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24287 HIGH PATCH This Week

Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.

Information Disclosure Microsoft Windows Server 2025 Windows 11 24h2 Windows Server 2022 23h2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-23674 HIGH PATCH This Week

Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.

Microsoft Authentication Bypass Windows 11 24h2 Windows 10 21h2 Windows Server 2025 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23673 HIGH PATCH This Week

Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.

Information Disclosure Microsoft Buffer Overflow Windows Server 2019 Windows Server 2025 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-23672 HIGH PATCH This Week

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]

Information Disclosure Buffer Overflow Microsoft Windows 11 25h2 Windows Server 2019 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23671 HIGH PATCH This Week

Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.

Race Condition Information Disclosure Microsoft Windows 11 26h1 Windows Server 2025 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23668 HIGH PATCH This Week

Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Microsoft Industrial Race Condition Windows Server 2016 Windows 11 23h2 +8
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21519 HIGH KEV PATCH THREAT Act Now

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling.

Buffer Overflow Windows 11 24h2 Windows 11 23h2 Windows 10 21h2 Windows Server 2022 23h2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
3.1%
CVE-2026-21510 HIGH POC KEV PATCH THREAT Act Now

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network.

Windows Windows 11 23h2 Windows Server 2016 Windows 10 21h2 Windows Server 2025 +10
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
3.8%
CVE-2026-21508 HIGH PATCH This Week

Windows Storage component contains an authentication bypass that enables authenticated local users to escalate privileges on Windows 10, Windows 11, and Windows Server 2016/2019 systems. An attacker with valid local credentials can exploit this vulnerability to gain elevated system access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.

Windows Windows 10 1809 Windows Server 2016 Windows 11 24h2 Windows 10 1607 +10
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21255 HIGH PATCH This Week

Windows Hyper-V fails to properly enforce access controls, enabling local authenticated users to circumvent security features and gain unauthorized system access. This high-severity flaw affects Windows 10, Windows 11, Windows Server 2022, and Hyper-V implementations, allowing privileged attackers to escalate privileges across system boundaries. No patch is currently available for this vulnerability.

Windows Hyper-V Windows 10 1607 Windows 11 25h2 Windows Server 2022 +10
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-21251 HIGH PATCH This Week

Privilege escalation in Windows Cluster Client Failover exploits a use-after-free memory vulnerability, enabling authenticated local users to gain elevated system privileges. The flaw affects Windows Server 2016, 2019, and 2025 installations where an attacker with existing local access can trigger the vulnerability through the failover clustering component. No patch is currently available for this high-severity vulnerability.

Windows Use After Free Windows Server 2019 Windows Server 2025 Windows Server 2016 +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21248 HIGH POC PATCH This Week

Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges on affected Windows and Windows Server systems. An attacker with local access and user-level permissions can trigger memory corruption through user interaction to compromise system integrity and confidentiality. This vulnerability affects Windows 10 1809, Windows Server 2025, and related Hyper-V implementations with no patch currently available.

Windows Hyper-V Buffer Overflow Heap Overflow Windows Server 2025 +12
NVD Exploit-DB VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-21247 HIGH PATCH This Week

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. [CVSS 7.3 HIGH]

Windows Hyper-V Windows 11 24h2 Windows 10 22h2 Windows Server 2022 +10
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-21246 HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 24H2 and Windows 10 21H2 exploits a heap buffer overflow to allow authenticated local attackers to gain system-level access. The vulnerability requires local access and user interaction is not required, presenting a significant risk in multi-user environments. No patch is currently available.

Microsoft Industrial Buffer Overflow Heap Overflow Windows 11 24h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21244 HIGH POC PATCH This Week

Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges (CVSS 7.3). Exploitation requires user interaction and local system access, affecting Windows 10 1809 and Windows Server 2025. No patch is currently available.

Windows Hyper-V Buffer Overflow Heap Overflow Windows 10 1809 +12
NVD Exploit-DB VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-21243 HIGH PATCH This Week

Windows LDAP service in Server 2022 and 2022 23H2 is vulnerable to denial of service through a null pointer dereference that can be triggered remotely without authentication. An attacker can exploit this flaw over the network to crash the LDAP service and disrupt directory access functionality. No patch is currently available for this vulnerability.

Windows LDAP Null Pointer Dereference Windows Server 2022 Windows Server 2022 23h2 +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21240 HIGH PATCH This Week

Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 10 21h2 Windows 11 23h2 Windows Server 2025 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21239 HIGH PATCH This Week

Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.

Linux Windows Buffer Overflow Heap Overflow Windows 10 21h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21238 HIGH PATCH This Week

Privilege escalation in the Windows Ancillary Function Driver for WinSock affects Windows 11 and Windows Server 2022/2019, allowing authenticated local users to gain elevated system privileges. The vulnerability stems from improper access control mechanisms and currently lacks a patch. An authenticated attacker with local access can exploit this to achieve full system compromise.

Windows Windows 11 23h2 Windows Server 2022 23h2 Windows 11 25h2 Windows Server 2019 +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21236 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.

Windows Buffer Overflow Heap Overflow Windows 10 1607 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21235 HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component via use-after-free memory corruption affects Windows Server 2019 and 2012, allowing authenticated local attackers to gain elevated system privileges with user interaction. The vulnerability poses a significant risk in industrial environments where Windows Server hosts critical infrastructure. No patch is currently available for this high-severity issue.

Microsoft Industrial Use After Free Windows Server 2019 Windows Server 2012 +7
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-21234 HIGH PATCH This Week

Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.

Windows Race Condition Windows Server 2022 Windows 11 25h2 Windows 10 21h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21231 HIGH PATCH This Week

Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.

Linux Windows Race Condition Windows 10 21h2 Windows Server 2012 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21222 MEDIUM PATCH This Month

Windows Kernel inadvertently logs sensitive information accessible to authenticated local users, enabling information disclosure attacks. This medium-severity vulnerability affects Windows 10 22H2, Windows 11 23H2, and 24H2, as well as Linux systems, allowing authorized attackers with local access to retrieve confidential data. No patch is currently available for this issue.

Linux Windows Windows 10 22h2 Windows 11 24h2 Windows 11 23h2 +10
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20846 HIGH PATCH This Week

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]

Windows Buffer Overflow Windows 11 23h2 Windows 11 24h2 Windows Server 2012 +11
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21265 MEDIUM PATCH This Month

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. [CVSS 6.4 MEDIUM]

Microsoft Windows Windows 10 22h2 Windows 10 1607 Windows 11 25h2 +10
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2026-20962 MEDIUM PATCH This Month

Uninitialized memory in the Dynamic Root of Trust for Measurement (DRTM) component of Windows 11 25h2, Windows Server 2019, Windows 10 22h2, Windows 10 1809, and Windows 11 23h2 allows a high-privileged local attacker to read sensitive information from kernel memory. The vulnerability requires administrative or equivalent privileges to exploit and carries no patch availability. This issue is tracked under CWE-908 with a CVSS score of 4.4.

Information Disclosure Windows 11 25h2 Windows Server 2019 Windows 10 22h2 Windows 10 1809 +7
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-20940 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver contains a heap-based buffer overflow that enables local privilege escalation on Windows 10 1809, Windows Server 2016, and Windows Server 2022. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available.

Windows Buffer Overflow Heap Overflow Windows 10 1809 Windows Server 2022 +9
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20939 MEDIUM PATCH This Month

Windows File Explorer information disclosure affects Windows 10 and 11 systems, allowing local authenticated attackers to access sensitive data through improper access controls. The vulnerability requires valid user credentials and local system access, posing a risk in multi-user or shared computing environments where sensitive files may be exposed to other authorized users.

Windows Windows Server 2022 23h2 Windows 11 24h2 Windows 10 21h2 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20937 MEDIUM PATCH This Month

Windows File Explorer improperly restricts access to sensitive information, enabling authenticated local users to read confidential data without authorization. This vulnerability affects Windows 10 across multiple versions (1607, 1809, 21H2, 22H2) and requires valid user credentials and local system access to exploit. Currently, no patch is available to remediate this information disclosure issue.

Windows Windows Server 2022 Windows 10 21h2 Windows 10 22h2 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20936 MEDIUM PATCH This Month

Information disclosure in Windows NDIS allows a privileged local attacker with physical access to read sensitive kernel memory regions on Windows 10 and Windows 11 systems. The vulnerability requires both authentication and direct hardware interaction, limiting its practical exploitation to scenarios where an attacker has already compromised system access. No patch is currently available for affected Windows versions including 10 (21h2, 22h2) and 11 (25h2).

Windows Windows 10 22h2 Windows 10 21h2 Windows 11 25h2 Windows Server 2012 +11
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20934 HIGH PATCH This Week

Privilege escalation in Windows SMB Server (Server 2025, Windows 11 24H2, Windows 10 22H2) stems from improper synchronization of shared resources during concurrent execution, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires high complexity exploitation but carries high impact across confidentiality, integrity, and availability. No patch is currently available.

Windows Race Condition Windows Server 2025 Windows 11 24h2 Windows 10 22h2 +11
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20932 MEDIUM PATCH This Month

Windows File Explorer information disclosure allows local authenticated users to access sensitive data without authorization. This medium-severity vulnerability affects multiple Windows versions including Windows 11 (24h2 and 25h2), Windows 10 1809, and Windows Server 2019, but no patch is currently available.

Windows Windows 11 24h2 Windows Server 2019 Windows 11 25h2 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20929 HIGH PATCH This Week

Windows HTTP.sys contains an access control weakness that enables authenticated network attackers to escalate privileges on affected Windows systems including Windows 10 and Windows Server 2016/2019. The vulnerability requires low attack complexity and existing user credentials but grants complete compromise of confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue.

Windows Windows 10 22h2 Windows Server 2019 Windows Server 2016 Windows 10 1809 +8
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20927 MEDIUM PATCH This Month

Windows SMB Server denial of service via race condition affects Windows 10 21h2, Windows 11 24h2, and Windows Server 2022, allowing authenticated attackers to disrupt service availability through improper synchronization of shared resources. The vulnerability requires network access and specific conditions to trigger but carries no patch availability at this time. Impact is limited to availability with no confidentiality or integrity compromise.

Windows Race Condition Windows Server 2022 Windows 11 24h2 Windows 10 21h2 +12
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20926 HIGH PATCH This Week

Privilege escalation in Windows SMB Server (versions 10 22h2, 11 23h2, and 11 25h2) stems from improper synchronization of shared resources, allowing authenticated network attackers to elevate privileges. The race condition vulnerability requires specific timing conditions but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 23h2 Windows 11 25h2 Windows 10 22h2 +11
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20925 MEDIUM PATCH This Month

Windows NTLM authentication across multiple Windows versions (10, Server 2008/2019) allows remote attackers to manipulate file name or path parameters without authentication, enabling network-based identity spoofing attacks. The vulnerability requires user interaction and has no available patch, affecting systems still running older Windows Server editions alongside current Windows 10 releases. An attacker could impersonate legitimate services or users to compromise trust in networked communications.

Windows Windows 10 22h2 Windows Server 2008 Windows 10 1607 Windows Server 2019 +11
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20924 HIGH PATCH This Week

Privilege escalation in Windows Management Services via use-after-free memory corruption affects Windows 10, Windows 11, and Windows Server 2019, enabling authenticated local attackers to gain elevated system privileges. An authorized user can exploit this vulnerability through a race condition to execute arbitrary code with higher privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 11 25h2 Windows Server 2019 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20923 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows Server 2019, 2022 23h2, and 2025 through a use-after-free vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low privileges and manual user interaction to trigger, potentially giving attackers complete system control. No patch is currently available for this vulnerability.

Windows Use After Free Windows Server 2022 23h2 Windows Server 2025 Windows Server 2019 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20922 HIGH PATCH This Week

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]

Windows Buffer Overflow Heap Overflow Windows 10 1607 Windows 11 25h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20919 HIGH PATCH This Week

Windows SMB Server contains a race condition in concurrent resource handling that enables authenticated network attackers to escalate privileges on affected systems including Windows 10 22H2, Windows 10 1607, and Windows Server 2025. The vulnerability requires low attack complexity and network access from an authenticated user, but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue (CVSS 7.5).

Windows Race Condition Windows 10 22h2 Windows Server 2025 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20918 HIGH PATCH This Week

Windows Management Services on Windows 10 and 11 contains a race condition in shared resource synchronization that enables authenticated local users to escalate privileges to system level. The vulnerability affects multiple Windows versions including 22h2, 21h2, and 25h2 builds, with no patch currently available.

Windows Race Condition Windows 11 25h2 Windows 10 22h2 Windows 10 21h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20877 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10 22h2, Windows Server 2022 23h2, and Windows 11 23h2 through a use-after-free memory flaw. An authenticated local attacker can exploit this vulnerability to gain elevated system privileges. Currently, no patch is available.

Windows Use After Free Windows 10 22h2 Windows Server 2022 23h2 Windows 11 23h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20875 HIGH PATCH This Week

Remote denial of service in Windows LSASS affects Windows 10 and 11 through a null pointer dereference that an unauthenticated attacker can trigger over the network. The vulnerability causes service unavailability but does not enable code execution or data theft. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.

Windows Null Pointer Dereference Windows 11 24h2 Windows 10 21h2 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20874 HIGH PATCH This Week

Privilege escalation in Windows Management Services on Windows 10 and 11 stems from improper synchronization of shared resources, enabling local authenticated attackers to gain elevated privileges. The race condition can be exploited without user interaction and impacts confidentiality, integrity, and availability across system boundaries. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 23h2 Windows 11 24h2 Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20873 HIGH PATCH This Week

Privilege escalation in Windows Management Services (Windows 10/11) stems from improper synchronization of shared resources, allowing authenticated local users to gain elevated privileges through race condition exploitation. The vulnerability affects multiple Windows versions including 22H2 and 24H2 builds, with no patch currently available. An attacker with valid credentials can leverage this flaw to escalate from a standard user account to system-level access.

Windows Race Condition Windows 10 22h2 Windows 11 24h2 Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20869 HIGH PATCH This Week

Local privilege escalation in Windows Local Session Manager (LSM) across Windows 11 23h2, Windows Server 2012, and 2019 stems from improper synchronization in shared resource handling, enabling authenticated attackers to elevate privileges on affected systems. The vulnerability requires local access and specific timing conditions to exploit, with no patch currently available. This affects systems running the impacted Windows and Server editions where authenticated users may achieve system-level privileges.

Windows Race Condition Windows 11 23h2 Windows Server 2012 Windows Server 2019 +12
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20868 HIGH PATCH This Week

Remote code execution in Windows RRAS affects Windows 10 21h2 and Windows Server 2022 variants through a heap-based buffer overflow triggered over the network without authentication. An attacker can exploit this vulnerability to execute arbitrary code with high privileges, though a user interaction is required to trigger the flaw. No patch is currently available, making this a critical risk for exposed systems.

Windows Buffer Overflow Heap Overflow Windows Server 2022 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20867 HIGH PATCH This Week

Local privilege escalation in Windows Management Services affects Windows Server 2019, Windows 11 24h2, and Windows Server 2025 through improper synchronization of shared resources, enabling authenticated users to gain elevated system privileges. The vulnerability exploits a race condition that an attacker can trigger without user interaction, though no patch is currently available.

Windows Race Condition Windows Server 2019 Windows 11 24h2 Windows Server 2025 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20866 HIGH PATCH This Week

Windows Management Services on Windows 10 and Windows Server 2019 contains a race condition in shared resource synchronization that enables local privilege escalation for authenticated users. An attacker with local access can exploit improper locking mechanisms to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Race Condition Windows Server 2019 Windows 10 22h2 Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20865 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 11 24H2, Windows Server 2022, and 2025 through a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The vulnerability requires local access and manual user interaction is not required, making it exploitable by any authorized account on the system. Currently no patch is available to remediate this issue.

Windows Use After Free Windows 11 24h2 Windows Server 2025 Windows Server 2022 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20862 MEDIUM PATCH This Month

Windows Management Services on Windows 10, 11, and Server 2022 expose sensitive information through an information disclosure vulnerability that allows authenticated local users to read confidential data. An attacker with valid credentials can exploit this to access information they should not be authorized to view, though no remote exploitation or system modification is possible. No patch is currently available for affected systems.

Windows Windows 11 23h2 Windows 10 22h2 Windows Server 2022 23h2 Windows 11 25h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20861 HIGH PATCH This Week

Windows Management Services on Windows 10 and Windows Server 2022 contain a race condition in shared resource handling that permits authenticated local attackers to escalate privileges to system level. The vulnerability stems from improper synchronization during concurrent operations and affects multiple Windows versions including Windows 10 22H2 and 1809. No patch is currently available for this high-severity issue (CVSS 7.8).

Windows Race Condition Windows Server 2022 Windows 10 22h2 Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20860 HIGH PATCH This Week

Windows 10 1607 is affected by access of resource using incompatible type (type confusion) (CVSS 7.8).

Windows Windows 10 21h2 Windows 11 25h2 Windows Server 2019 Windows Server 2022 23h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-20858 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10, Windows 11, and Windows Server 2022 through a use-after-free memory vulnerability. An authenticated local attacker can exploit this flaw to gain elevated system privileges. Currently no patch is available and exploitation requires specific conditions to trigger.

Windows Use After Free Windows Server 2022 23h2 Windows 11 23h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20857 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver contains an unsafe pointer dereference vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows versions including Windows 10 1809, Windows 11, and Windows Server 2022. An attacker with valid credentials can exploit this flaw to gain elevated system privileges without user interaction. No patch is currently available for this high-severity vulnerability.

Windows Windows 10 1809 Windows Server 2022 Windows 11 23h2 Windows 11 24h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20856 HIGH PATCH This Week

Remote code execution in Windows Server Update Service affects Windows 11 25h2, Windows Server 2025, 2022, and 2016 due to inadequate input validation, enabling unauthenticated network-based attackers to execute arbitrary code with high impact. The vulnerability requires specific conditions to exploit (high complexity) but carries significant risk across widely-deployed server infrastructure with no patch currently available.

Windows Windows Server 2025 Windows Server 2022 Windows Server 2016 Windows 11 25h2 +10
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-20852 HIGH PATCH This Week

Windows Hello privilege escalation on Windows 10, 11, and Server 2019 allows local attackers without credentials to tamper with system integrity through incorrect privilege assignment. The vulnerability requires local access but no user interaction, enabling unauthorized modifications to protected resources. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.

Windows Windows 11 24h2 Windows 11 25h2 Windows Server 2019 Windows 10 21h2 +9
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-20849 HIGH PATCH This Week

Windows Kerberos authentication in multiple Windows versions accepts untrusted input during security decisions, enabling authenticated network attackers to escalate privileges without user interaction. The vulnerability affects Windows 10 (versions 1607 and 1809), Windows Server 2012, and Windows Server 2025, with no patch currently available. An attacker with valid credentials can exploit this to gain elevated system access across the network.

Windows Windows Server 2025 Windows 10 1607 Windows Server 2012 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20848 HIGH PATCH This Week

Privilege escalation via race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 25h2, and Windows Server 2022 23h2, allowing authenticated attackers to gain elevated privileges over the network. The vulnerability stems from improper synchronization when handling concurrent access to shared resources, and no patch is currently available. With a CVSS score of 7.5, this poses a significant risk to organizations using affected Windows versions.

Windows Race Condition Windows 10 21h2 Windows 11 25h2 Windows Server 2022 23h2 +11
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20847 MEDIUM PATCH This Month

Windows Shell information disclosure in Windows 10, 11, and Server 2019/2022 permits authenticated network attackers to conduct spoofing attacks by accessing sensitive data. The vulnerability requires valid credentials and network access, with no active exploits currently documented. No patch is available at this time.

Windows Windows 10 1607 Windows 11 23h2 Windows Server 2019 Windows Server 2022 +11
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20844 HIGH PATCH This Week

Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 10 21h2 Windows 10 1809 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-20843 HIGH PATCH This Week

Local privilege escalation in Windows RRAS affects Windows 10, Windows 11, and Windows Server 2022, allowing authenticated users to gain system-level access through improper access control mechanisms. An attacker with local user credentials can exploit this vulnerability to obtain elevated privileges on the affected system. No patch is currently available, leaving vulnerable systems at risk until Microsoft releases a security update.

Windows Windows 11 24h2 Windows 11 25h2 Windows Server 2022 23h2 Windows 10 21h2 +11
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20840 HIGH PATCH This Week

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]

Windows Buffer Overflow Heap Overflow Windows 10 21h2 Windows Server 2019 +13
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20839 MEDIUM PATCH This Month

Information disclosure in Windows Client-Side Caching Service allows authenticated local users to read sensitive data on affected systems including Windows 10, Windows 11, and Windows Server editions. An attacker with valid credentials can exploit improper access controls to access cached information without additional user interaction. No patch is currently available for this vulnerability.

Windows Windows 10 21h2 Windows 11 25h2 Windows Server 2008 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20837 HIGH PATCH This Week

Local code execution in Windows Media affects Windows 11 25h2, Windows Server 2019, and Windows Server 2025 through a heap buffer overflow that requires user interaction to trigger. An attacker with local access can exploit this vulnerability to achieve arbitrary code execution with full system privileges. No patch is currently available for this vulnerability.

Windows Buffer Overflow Heap Overflow Windows Server 2025 Windows Server 2019 +9
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20836 HIGH PATCH This Week

Privilege escalation in the Graphics Kernel on Windows 11 and Linux systems results from improper synchronization of concurrent access to shared resources, allowing authenticated local attackers to gain elevated privileges. The vulnerability requires specific timing conditions to exploit but impacts multiple Windows versions and Linux distributions. No patch is currently available for this race condition vulnerability.

Linux Industrial Race Condition Windows 11 23h2 Windows 11 24h2 +11
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20834 MEDIUM PATCH This Month

Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.

Windows Path Traversal Windows Server 2016 Windows 10 21h2 Windows Server 2022 23h2 +12
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-20833 MEDIUM PATCH This Month

Windows Server 2008 versions up to - is affected by use of a broken or risky cryptographic algorithm (CVSS 5.5).

Windows Windows Server 2022 23h2 Windows Server 2025 Windows Server 2008 Windows Server 2019 +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20832 HIGH PATCH This Week

Privileged local attackers can exploit a use-after-free vulnerability in the Windows RPC IDL subsystem to gain system-level code execution on affected Windows 10, Windows 11, Windows Server 2016, and Windows Server 2022 systems. The vulnerability requires local access and valid credentials but allows complete compromise of the target system with no user interaction required. No patch is currently available, leaving vulnerable systems at risk.

Windows Windows 11 23h2 Windows Server 2022 23h2 Windows 10 22h2 Windows Server 2016 +9
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20831 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock contains a race condition that enables local privilege escalation on affected Windows systems including Server 2008, Server 2019, and Windows 10 22H2. An authenticated attacker can exploit this timing vulnerability to gain elevated privileges with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Windows Race Condition Windows Server 2008 Windows Server 2019 Windows 10 22h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20829 MEDIUM PATCH This Month

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]

Windows Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 Windows Server 2022 23h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20828 MEDIUM PATCH This Month

Windows Internet Connection Sharing (ICS) contains an out-of-bounds read vulnerability affecting Windows 7 through Windows 11 24H2 and Windows Server 2008-2019, enabling information disclosure through physical access to an affected system. An attacker with direct hardware access can exploit this flaw to read sensitive data from memory, though no patch is currently available. The attack requires physical presence and does not provide code execution or availability impact.

Windows Windows Server 2019 Windows 11 24h2 Windows Server 2008 Windows Server 2016 +11
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20827 MEDIUM PATCH This Month

Information disclosure in Windows Tablet UI (TWINUI) subsystem allows authenticated local users to read sensitive data on affected Windows 11 and Windows Server systems. An attacker with local access can exploit this to retrieve confidential information without requiring user interaction. No patch is currently available for this medium-severity vulnerability.

Windows Windows 11 23h2 Windows Server 2016 Windows 11 24h2 Windows Server 2022 +9
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20826 HIGH PATCH This Week

Privilege escalation in Windows Tablet UI (TWINUI) subsystem on Windows 10, Windows Server 2022, and Windows Server 2025 stems from improper synchronization of shared resources, enabling authenticated local attackers to gain elevated privileges. The race condition vulnerability affects multiple Windows versions and currently has no available patch.

Windows Race Condition Windows Server 2022 23h2 Windows Server 2025 Windows 10 21h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20825 MEDIUM PATCH This Month

Improper access control in Windows Hyper-V enables privileged local users to read sensitive system information without authorization. The vulnerability affects Windows 10 (versions 21H2 and 22H2), Windows Server 2025, and Hyper-V implementations where an authenticated attacker with high privileges can bypass security controls to access confidential data. Currently no patch is available for this medium-severity issue.

Windows Hyper-V Windows 10 21h2 Windows Server 2025 Windows 10 22h2 +8
NVD
CVSS 3.1
4.4
EPSS
0.0%
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.

Microsoft Buffer Overflow Heap Overflow +7
NVD VulDB GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.

Use After Free Microsoft Denial Of Service +16
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.

Microsoft Authentication Bypass Windows 10 1607 +13
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.

Microsoft Null Pointer Dereference Denial Of Service +14
NVD VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.

Deserialization Microsoft Windows 11 23h2 +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.

Null Pointer Dereference Microsoft Denial Of Service +15
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.

Race Condition Microsoft Authentication Bypass +8
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.

Race Condition Microsoft Information Disclosure +15
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.

Race Condition Microsoft Information Disclosure +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.

Microsoft Authentication Bypass Windows 10 1607 +13
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.

Use After Free Denial Of Service Memory Corruption +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.

Information Disclosure Microsoft Windows Server 2022 +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.

Microsoft Authentication Bypass Windows 11 24h2 +11
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Use After Free Microsoft Denial Of Service +15
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.

Information Disclosure Microsoft Windows Server 2025 +11
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.

Microsoft Authentication Bypass Windows 11 24h2 +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.

Information Disclosure Microsoft Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]

Information Disclosure Buffer Overflow Microsoft +15
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.

Race Condition Information Disclosure Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Microsoft Industrial Race Condition +10
NVD VulDB
EPSS 3% CVSS 7.8
HIGH KEV PATCH THREAT Act Now

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling.

Buffer Overflow Windows 11 24h2 Windows 11 23h2 +11
NVD VulDB
EPSS 4% CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network.

Windows Windows 11 23h2 Windows Server 2016 +12
NVD VulDB GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Storage component contains an authentication bypass that enables authenticated local users to escalate privileges on Windows 10, Windows 11, and Windows Server 2016/2019 systems. An attacker with valid local credentials can exploit this vulnerability to gain elevated system access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.

Windows Windows 10 1809 Windows Server 2016 +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Windows Hyper-V fails to properly enforce access controls, enabling local authenticated users to circumvent security features and gain unauthorized system access. This high-severity flaw affects Windows 10, Windows 11, Windows Server 2022, and Hyper-V implementations, allowing privileged attackers to escalate privileges across system boundaries. No patch is currently available for this vulnerability.

Windows Hyper-V Windows 10 1607 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Cluster Client Failover exploits a use-after-free memory vulnerability, enabling authenticated local users to gain elevated system privileges. The flaw affects Windows Server 2016, 2019, and 2025 installations where an attacker with existing local access can trigger the vulnerability through the failover clustering component. No patch is currently available for this high-severity vulnerability.

Windows Use After Free Windows Server 2019 +5
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges on affected Windows and Windows Server systems. An attacker with local access and user-level permissions can trigger memory corruption through user interaction to compromise system integrity and confidentiality. This vulnerability affects Windows 10 1809, Windows Server 2025, and related Hyper-V implementations with no patch currently available.

Windows Hyper-V Buffer Overflow +14
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. [CVSS 7.3 HIGH]

Windows Hyper-V Windows 11 24h2 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 24H2 and Windows 10 21H2 exploits a heap buffer overflow to allow authenticated local attackers to gain system-level access. The vulnerability requires local access and user interaction is not required, presenting a significant risk in multi-user environments. No patch is currently available.

Microsoft Industrial Buffer Overflow +14
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges (CVSS 7.3). Exploitation requires user interaction and local system access, affecting Windows 10 1809 and Windows Server 2025. No patch is currently available.

Windows Hyper-V Buffer Overflow +14
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows LDAP service in Server 2022 and 2022 23H2 is vulnerable to denial of service through a null pointer dereference that can be triggered remotely without authentication. An attacker can exploit this flaw over the network to crash the LDAP service and disrupt directory access functionality. No patch is currently available for this vulnerability.

Windows LDAP Null Pointer Dereference +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 10 21h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.

Linux Windows Buffer Overflow +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in the Windows Ancillary Function Driver for WinSock affects Windows 11 and Windows Server 2022/2019, allowing authenticated local users to gain elevated system privileges. The vulnerability stems from improper access control mechanisms and currently lacks a patch. An authenticated attacker with local access can exploit this to achieve full system compromise.

Windows Windows 11 23h2 Windows Server 2022 23h2 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.

Windows Buffer Overflow Heap Overflow +14
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component via use-after-free memory corruption affects Windows Server 2019 and 2012, allowing authenticated local attackers to gain elevated system privileges with user interaction. The vulnerability poses a significant risk in industrial environments where Windows Server hosts critical infrastructure. No patch is currently available for this high-severity issue.

Microsoft Industrial Use After Free +9
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.

Windows Race Condition Windows Server 2022 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.

Linux Windows Race Condition +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Kernel inadvertently logs sensitive information accessible to authenticated local users, enabling information disclosure attacks. This medium-severity vulnerability affects Windows 10 22H2, Windows 11 23H2, and 24H2, as well as Linux systems, allowing authorized attackers with local access to retrieve confidential data. No patch is currently available for this issue.

Linux Windows Windows 10 22h2 +12
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]

Windows Buffer Overflow Windows 11 23h2 +13
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. [CVSS 6.4 MEDIUM]

Microsoft Windows Windows 10 22h2 +12
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Uninitialized memory in the Dynamic Root of Trust for Measurement (DRTM) component of Windows 11 25h2, Windows Server 2019, Windows 10 22h2, Windows 10 1809, and Windows 11 23h2 allows a high-privileged local attacker to read sensitive information from kernel memory. The vulnerability requires administrative or equivalent privileges to exploit and carries no patch availability. This issue is tracked under CWE-908 with a CVSS score of 4.4.

Information Disclosure Windows 11 25h2 Windows Server 2019 +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver contains a heap-based buffer overflow that enables local privilege escalation on Windows 10 1809, Windows Server 2016, and Windows Server 2022. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available.

Windows Buffer Overflow Heap Overflow +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer information disclosure affects Windows 10 and 11 systems, allowing local authenticated attackers to access sensitive data through improper access controls. The vulnerability requires valid user credentials and local system access, posing a risk in multi-user or shared computing environments where sensitive files may be exposed to other authorized users.

Windows Windows Server 2022 23h2 Windows 11 24h2 +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer improperly restricts access to sensitive information, enabling authenticated local users to read confidential data without authorization. This vulnerability affects Windows 10 across multiple versions (1607, 1809, 21H2, 22H2) and requires valid user credentials and local system access to exploit. Currently, no patch is available to remediate this information disclosure issue.

Windows Windows Server 2022 Windows 10 21h2 +11
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Information disclosure in Windows NDIS allows a privileged local attacker with physical access to read sensitive kernel memory regions on Windows 10 and Windows 11 systems. The vulnerability requires both authentication and direct hardware interaction, limiting its practical exploitation to scenarios where an attacker has already compromised system access. No patch is currently available for affected Windows versions including 10 (21h2, 22h2) and 11 (25h2).

Windows Windows 10 22h2 Windows 10 21h2 +13
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Privilege escalation in Windows SMB Server (Server 2025, Windows 11 24H2, Windows 10 22H2) stems from improper synchronization of shared resources during concurrent execution, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires high complexity exploitation but carries high impact across confidentiality, integrity, and availability. No patch is currently available.

Windows Race Condition Windows Server 2025 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows File Explorer information disclosure allows local authenticated users to access sensitive data without authorization. This medium-severity vulnerability affects multiple Windows versions including Windows 11 (24h2 and 25h2), Windows 10 1809, and Windows Server 2019, but no patch is currently available.

Windows Windows 11 24h2 Windows Server 2019 +11
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows HTTP.sys contains an access control weakness that enables authenticated network attackers to escalate privileges on affected Windows systems including Windows 10 and Windows Server 2016/2019. The vulnerability requires low attack complexity and existing user credentials but grants complete compromise of confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue.

Windows Windows 10 22h2 Windows Server 2019 +10
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Windows SMB Server denial of service via race condition affects Windows 10 21h2, Windows 11 24h2, and Windows Server 2022, allowing authenticated attackers to disrupt service availability through improper synchronization of shared resources. The vulnerability requires network access and specific conditions to trigger but carries no patch availability at this time. Impact is limited to availability with no confidentiality or integrity compromise.

Windows Race Condition Windows Server 2022 +14
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Privilege escalation in Windows SMB Server (versions 10 22h2, 11 23h2, and 11 25h2) stems from improper synchronization of shared resources, allowing authenticated network attackers to elevate privileges. The race condition vulnerability requires specific timing conditions but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 23h2 +13
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows NTLM authentication across multiple Windows versions (10, Server 2008/2019) allows remote attackers to manipulate file name or path parameters without authentication, enabling network-based identity spoofing attacks. The vulnerability requires user interaction and has no available patch, affecting systems still running older Windows Server editions alongside current Windows 10 releases. An attacker could impersonate legitimate services or users to compromise trust in networked communications.

Windows Windows 10 22h2 Windows Server 2008 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services via use-after-free memory corruption affects Windows 10, Windows 11, and Windows Server 2019, enabling authenticated local attackers to gain elevated system privileges. An authorized user can exploit this vulnerability through a race condition to execute arbitrary code with higher privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 11 25h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows Server 2019, 2022 23h2, and 2025 through a use-after-free vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low privileges and manual user interaction to trigger, potentially giving attackers complete system control. No patch is currently available for this vulnerability.

Windows Use After Free Windows Server 2022 23h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]

Windows Buffer Overflow Heap Overflow +15
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows SMB Server contains a race condition in concurrent resource handling that enables authenticated network attackers to escalate privileges on affected systems including Windows 10 22H2, Windows 10 1607, and Windows Server 2025. The vulnerability requires low attack complexity and network access from an authenticated user, but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue (CVSS 7.5).

Windows Race Condition Windows 10 22h2 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Management Services on Windows 10 and 11 contains a race condition in shared resource synchronization that enables authenticated local users to escalate privileges to system level. The vulnerability affects multiple Windows versions including 22h2, 21h2, and 25h2 builds, with no patch currently available.

Windows Race Condition Windows 11 25h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10 22h2, Windows Server 2022 23h2, and Windows 11 23h2 through a use-after-free memory flaw. An authenticated local attacker can exploit this vulnerability to gain elevated system privileges. Currently, no patch is available.

Windows Use After Free Windows 10 22h2 +10
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Windows LSASS affects Windows 10 and 11 through a null pointer dereference that an unauthenticated attacker can trigger over the network. The vulnerability causes service unavailability but does not enable code execution or data theft. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.

Windows Null Pointer Dereference Windows 11 24h2 +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services on Windows 10 and 11 stems from improper synchronization of shared resources, enabling local authenticated attackers to gain elevated privileges. The race condition can be exploited without user interaction and impacts confidentiality, integrity, and availability across system boundaries. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 23h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services (Windows 10/11) stems from improper synchronization of shared resources, allowing authenticated local users to gain elevated privileges through race condition exploitation. The vulnerability affects multiple Windows versions including 22H2 and 24H2 builds, with no patch currently available. An attacker with valid credentials can leverage this flaw to escalate from a standard user account to system-level access.

Windows Race Condition Windows 10 22h2 +10
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Local Session Manager (LSM) across Windows 11 23h2, Windows Server 2012, and 2019 stems from improper synchronization in shared resource handling, enabling authenticated attackers to elevate privileges on affected systems. The vulnerability requires local access and specific timing conditions to exploit, with no patch currently available. This affects systems running the impacted Windows and Server editions where authenticated users may achieve system-level privileges.

Windows Race Condition Windows 11 23h2 +14
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Windows RRAS affects Windows 10 21h2 and Windows Server 2022 variants through a heap-based buffer overflow triggered over the network without authentication. An attacker can exploit this vulnerability to execute arbitrary code with high privileges, though a user interaction is required to trigger the flaw. No patch is currently available, making this a critical risk for exposed systems.

Windows Buffer Overflow Heap Overflow +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Management Services affects Windows Server 2019, Windows 11 24h2, and Windows Server 2025 through improper synchronization of shared resources, enabling authenticated users to gain elevated system privileges. The vulnerability exploits a race condition that an attacker can trigger without user interaction, though no patch is currently available.

Windows Race Condition Windows Server 2019 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Management Services on Windows 10 and Windows Server 2019 contains a race condition in shared resource synchronization that enables local privilege escalation for authenticated users. An attacker with local access can exploit improper locking mechanisms to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Race Condition Windows Server 2019 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 11 24H2, Windows Server 2022, and 2025 through a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The vulnerability requires local access and manual user interaction is not required, making it exploitable by any authorized account on the system. Currently no patch is available to remediate this issue.

Windows Use After Free Windows 11 24h2 +10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Management Services on Windows 10, 11, and Server 2022 expose sensitive information through an information disclosure vulnerability that allows authenticated local users to read confidential data. An attacker with valid credentials can exploit this to access information they should not be authorized to view, though no remote exploitation or system modification is possible. No patch is currently available for affected systems.

Windows Windows 11 23h2 Windows 10 22h2 +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Management Services on Windows 10 and Windows Server 2022 contain a race condition in shared resource handling that permits authenticated local attackers to escalate privileges to system level. The vulnerability stems from improper synchronization during concurrent operations and affects multiple Windows versions including Windows 10 22H2 and 1809. No patch is currently available for this high-severity issue (CVSS 7.8).

Windows Race Condition Windows Server 2022 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows 10 1607 is affected by access of resource using incompatible type (type confusion) (CVSS 7.8).

Windows Windows 10 21h2 Windows 11 25h2 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10, Windows 11, and Windows Server 2022 through a use-after-free memory vulnerability. An authenticated local attacker can exploit this flaw to gain elevated system privileges. Currently no patch is available and exploitation requires specific conditions to trigger.

Windows Use After Free Windows Server 2022 23h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver contains an unsafe pointer dereference vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows versions including Windows 10 1809, Windows 11, and Windows Server 2022. An attacker with valid credentials can exploit this flaw to gain elevated system privileges without user interaction. No patch is currently available for this high-severity vulnerability.

Windows Windows 10 1809 Windows Server 2022 +9
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Windows Server Update Service affects Windows 11 25h2, Windows Server 2025, 2022, and 2016 due to inadequate input validation, enabling unauthenticated network-based attackers to execute arbitrary code with high impact. The vulnerability requires specific conditions to exploit (high complexity) but carries significant risk across widely-deployed server infrastructure with no patch currently available.

Windows Windows Server 2025 Windows Server 2022 +12
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Windows Hello privilege escalation on Windows 10, 11, and Server 2019 allows local attackers without credentials to tamper with system integrity through incorrect privilege assignment. The vulnerability requires local access but no user interaction, enabling unauthorized modifications to protected resources. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.

Windows Windows 11 24h2 Windows 11 25h2 +11
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows Kerberos authentication in multiple Windows versions accepts untrusted input during security decisions, enabling authenticated network attackers to escalate privileges without user interaction. The vulnerability affects Windows 10 (versions 1607 and 1809), Windows Server 2012, and Windows Server 2025, with no patch currently available. An attacker with valid credentials can exploit this to gain elevated system access across the network.

Windows Windows Server 2025 Windows 10 1607 +13
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Privilege escalation via race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 25h2, and Windows Server 2022 23h2, allowing authenticated attackers to gain elevated privileges over the network. The vulnerability stems from improper synchronization when handling concurrent access to shared resources, and no patch is currently available. With a CVSS score of 7.5, this poses a significant risk to organizations using affected Windows versions.

Windows Race Condition Windows 10 21h2 +13
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows Shell information disclosure in Windows 10, 11, and Server 2019/2022 permits authenticated network attackers to conduct spoofing attacks by accessing sensitive data. The vulnerability requires valid credentials and network access, with no active exploits currently documented. No patch is available at this time.

Windows Windows 10 1607 Windows 11 23h2 +13
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 10 21h2 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows RRAS affects Windows 10, Windows 11, and Windows Server 2022, allowing authenticated users to gain system-level access through improper access control mechanisms. An attacker with local user credentials can exploit this vulnerability to obtain elevated privileges on the affected system. No patch is currently available, leaving vulnerable systems at risk until Microsoft releases a security update.

Windows Windows 11 24h2 Windows 11 25h2 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]

Windows Buffer Overflow Heap Overflow +15
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in Windows Client-Side Caching Service allows authenticated local users to read sensitive data on affected systems including Windows 10, Windows 11, and Windows Server editions. An attacker with valid credentials can exploit improper access controls to access cached information without additional user interaction. No patch is currently available for this vulnerability.

Windows Windows 10 21h2 Windows 11 25h2 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Windows Media affects Windows 11 25h2, Windows Server 2019, and Windows Server 2025 through a heap buffer overflow that requires user interaction to trigger. An attacker with local access can exploit this vulnerability to achieve arbitrary code execution with full system privileges. No patch is currently available for this vulnerability.

Windows Buffer Overflow Heap Overflow +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege escalation in the Graphics Kernel on Windows 11 and Linux systems results from improper synchronization of concurrent access to shared resources, allowing authenticated local attackers to gain elevated privileges. The vulnerability requires specific timing conditions to exploit but impacts multiple Windows versions and Linux distributions. No patch is currently available for this race condition vulnerability.

Linux Industrial Race Condition +13
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.

Windows Path Traversal Windows Server 2016 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Server 2008 versions up to - is affected by use of a broken or risky cryptographic algorithm (CVSS 5.5).

Windows Windows Server 2022 23h2 Windows Server 2025 +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privileged local attackers can exploit a use-after-free vulnerability in the Windows RPC IDL subsystem to gain system-level code execution on affected Windows 10, Windows 11, Windows Server 2016, and Windows Server 2022 systems. The vulnerability requires local access and valid credentials but allows complete compromise of the target system with no user interaction required. No patch is currently available, leaving vulnerable systems at risk.

Windows Windows 11 23h2 Windows Server 2022 23h2 +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock contains a race condition that enables local privilege escalation on affected Windows systems including Server 2008, Server 2019, and Windows 10 22H2. An authenticated attacker can exploit this timing vulnerability to gain elevated privileges with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Windows Race Condition Windows Server 2008 +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]

Windows Windows 10 21h2 Windows 10 22h2 +9
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Windows Internet Connection Sharing (ICS) contains an out-of-bounds read vulnerability affecting Windows 7 through Windows 11 24H2 and Windows Server 2008-2019, enabling information disclosure through physical access to an affected system. An attacker with direct hardware access can exploit this flaw to read sensitive data from memory, though no patch is currently available. The attack requires physical presence and does not provide code execution or availability impact.

Windows Windows Server 2019 Windows 11 24h2 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in Windows Tablet UI (TWINUI) subsystem allows authenticated local users to read sensitive data on affected Windows 11 and Windows Server systems. An attacker with local access can exploit this to retrieve confidential information without requiring user interaction. No patch is currently available for this medium-severity vulnerability.

Windows Windows 11 23h2 Windows Server 2016 +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Tablet UI (TWINUI) subsystem on Windows 10, Windows Server 2022, and Windows Server 2025 stems from improper synchronization of shared resources, enabling authenticated local attackers to gain elevated privileges. The race condition vulnerability affects multiple Windows versions and currently has no available patch.

Windows Race Condition Windows Server 2022 23h2 +12
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Improper access control in Windows Hyper-V enables privileged local users to read sensitive system information without authorization. The vulnerability affects Windows 10 (versions 21H2 and 22H2), Windows Server 2025, and Hyper-V implementations where an authenticated attacker with high privileges can bypass security controls to access confidential data. Currently no patch is available for this medium-severity issue.

Windows Hyper-V Windows 10 21h2 +10
NVD
Prev Page 5 of 48 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy