Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

CVSS: 7.3 · CWE: CWE-427

View on NVD

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

CVSS: 7.3 · CWE: CWE-427

View on NVD

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

CVSS: 7.3 · CWE: CWE-427

View on NVD

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

CVSS: 7.3 · CWE: CWE-250

View on NVD

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.

CVSS: 7.1 · CWE: CWE-1285

View on NVD

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.

CVSS: 7.1 · CWE: CWE-476

View on NVD

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4…

CVSS: 7.5 · CWE: CWE-77

View on NVD

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.

CVSS: 7.8 · CWE: CWE-782

View on NVD

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

CVSS: 7.4 · CWE: N/A

View on NVD

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

CVSS: 7.8 · CWE: CWE-268

View on NVD

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

CVSS: 7.8 · CWE: CWE-732

View on NVD

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeover via a malicious cross-origin web page visited by the victim. The High security mode is not affect…

CVSS: 7.5 · CWE: CWE-942

View on NVD

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-472

View on NVD

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-125

View on NVD

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-122

View on NVD

Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal sequences. Attackers can bypass the incomplete path traversal guard, which only blocks forward slashes and…

CVSS: 7.5 · CWE: CWE-36

View on NVD

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

CVSS: 7.3 · CWE: CWE-532

View on NVD

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI scheme…

CVSS: 8.8 · CWE: CWE-918

View on NVD

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-787

View on NVD

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-367

View on NVD

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-862

View on NVD

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancestor steps or when filepath.Dir returns…

CVSS: 9.0 · CWE: CWE-20

View on NVD

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging t…

CVSS: 8.5 · CWE: CWE-22

View on NVD

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some par…

CVSS: 7.3 · CWE: CWE-669

View on NVD

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0.

CVSS: 7.5 · CWE: CWE-532

View on NVD

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

CVSS: 9.6 · CWE: CWE-613

View on NVD

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVSS: 7.8 · CWE: CWE-59

View on NVD

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version check, causing execFile() to execute the attacker-supplied executable with cmd.exe arguments, resulti…

CVSS: 7.8 · CWE: CWE-427

View on NVD

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts.

CVSS: 7.8 · CWE: CWE-428

View on NVD

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.e…

CVSS: 9.8 · CWE: CWE-506

View on NVD

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a static location. This static location would be writable by a pre-existing "vagrant" user, if they already…

CVSS: 8.5 · CWE: CWE-284

View on NVD

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c (Unix) or powershell.exe -Command (Windows), allowing an attacker to inject arbitrary shell commands.…

CVSS: 8.3 · CWE: CWE-78

View on NVD

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

CVSS: 8.3 · CWE: CWE-472

View on NVD

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-862

View on NVD

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-122

View on NVD

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 · CWE: CWE-416

View on NVD

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 · CWE: CWE-472

View on NVD

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 7.5 · CWE: CWE-472

View on NVD

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when an uninstall is triggered. When a software package (.pkg, .deb, .rpm, .exe, or .msi) is uploaded to Fleet, metadata is extracted from…

CVSS: 9.8 · CWE: CWE-78

View on NVD

Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the `aud` (audience) or `iss` (issuer) claims, any Microsoft-signed Azure AD access token conta…

CVSS: 7.5 · CWE: CWE-290

View on NVD

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows are created with nodeIntegration: true and contextIsolation: false, a successful payload can call Node.…

CVSS: 8.3 · CWE: CWE-79

View on NVD

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Fleet’s Windows MDM management endpoint rel…

CVSS: 7.5 · CWE: CWE-295

View on NVD

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 7.8 · CWE: CWE-426

View on NVD

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.

CVSS: 7.8 · CWE: CWE-73

View on NVD

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files within it. A local non-elevated user could replace the use…

CVSS: 7.8 · CWE: CWE-59

View on NVD

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

CVSS: 7.8 · CWE: CWE-427

View on NVD

Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.

CVSS: 7.8 · CWE: CWE-427

View on NVD

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads of files outside the configured template directory. This vulnerability is fixed in 1.3.12.

CVSS: 8.7 · CWE: CWE-22

View on NVD

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-122

View on NVD

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 · CWE: CWE-416

View on NVD

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal…

CVSS: 7.7 · CWE: CWE-918

View on NVD

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

CVSS: 9.8 · CWE: CWE-122

View on NVD

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CVSS: 9.8 · CWE: CWE-121

View on NVD

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-73

View on NVD

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-284

View on NVD

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVSS: 8.1 · CWE: CWE-416

View on NVD

Windows TCP/IP Denial of Service Vulnerability

CVSS: 7.4 · CWE: CWE-476

View on NVD

Windows TCP/IP Denial of Service Vulnerability

CVSS: 7.4 · CWE: CWE-476

View on NVD

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 · CWE: CWE-416

View on NVD

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-416

View on NVD

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-122

View on NVD

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 · CWE: CWE-416

View on NVD

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

CVSS: 7.5 · CWE: CWE-476

View on NVD

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVSS: 8.8 · CWE: CWE-122

View on NVD

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVSS: 9.3 · CWE: CWE-416

View on NVD

Windows TCP/IP Denial of Service Vulnerability

CVSS: 7.1 · CWE: CWE-476

View on NVD

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-121

View on NVD

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-122

View on NVD

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-191

View on NVD

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-416

View on NVD

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-122

View on NVD

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-822

View on NVD

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVSS: 8.3 · CWE: CWE-862

View on NVD

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

CVSS: 7.5 · CWE: CWE-401

View on NVD

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

CVSS: 7.8 · CWE: CWE-122

View on NVD

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-122

View on NVD

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-367

View on NVD

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-843

View on NVD

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 · CWE: CWE-416

View on NVD

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-190

View on NVD

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-362

View on NVD

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 · CWE: CWE-416

View on NVD

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 · CWE: CWE-362

View on NVD

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-843

View on NVD

Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-122

View on NVD

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 · CWE: CWE-362

View on NVD