Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2026-20870

27 дней назад

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-2086

2 дня назад

A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 8.8
EPSS: Низкий
nvd логотип

CVE-2026-20869

27 дней назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.

CVSS3: 7
EPSS: Низкий
nvd логотип

CVE-2026-20868

27 дней назад

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS3: 8.8
EPSS: Низкий
nvd логотип

CVE-2026-20867

27 дней назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20866

27 дней назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20865

27 дней назад

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20864

27 дней назад

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20863

27 дней назад

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVSS3: 7
EPSS: Низкий
nvd логотип

CVE-2026-20862

27 дней назад

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.

CVSS3: 5.5
EPSS: Низкий
nvd логотип

CVE-2026-20861

27 дней назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20860

27 дней назад

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-2085

2 дня назад

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS3: 7.2
EPSS: Низкий
nvd логотип

CVE-2026-20859

27 дней назад

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20858

27 дней назад

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20857

27 дней назад

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
EPSS: Низкий
nvd логотип

CVE-2026-20856

27 дней назад

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

CVSS3: 8.1
EPSS: Низкий
nvd логотип

CVE-2026-20854

27 дней назад

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2026-20853

27 дней назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.

CVSS3: 7.4
EPSS: Низкий
nvd логотип

CVE-2026-20852

27 дней назад

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

CVSS3: 7.7
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2026-20870

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-2086

A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 8.8
0%
Низкий
2 дня назад
nvd логотип
CVE-2026-20869

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.

CVSS3: 7
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20868

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVSS3: 8.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20867

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20866

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20865

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20864

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20863

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVSS3: 7
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20862

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.

CVSS3: 5.5
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20861

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20860

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-2085

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS3: 7.2
0%
Низкий
2 дня назад
nvd логотип
CVE-2026-20859

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20858

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20857

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVSS3: 7.8
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20856

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

CVSS3: 8.1
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20854

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

CVSS3: 7.5
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20853

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.

CVSS3: 7.4
0%
Низкий
27 дней назад
nvd логотип
CVE-2026-20852

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

CVSS3: 7.7
0%
Низкий
27 дней назад

Уязвимостей на страницу