Common Vulnerabilities and Exposures (CVE)
CVE-2026-20417
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation...
CVE-2026-20831
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-20418
In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: W...
CVE-2026-20832
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
CVE-2025-14914
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
CVE-2026-20836
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-47358
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
CVE-2026-20837
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2025-47359
Memory Corruption when multiple threads simultaneously access a memory free API.
CVE-2026-20840
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2025-47363
Memory corruption when calculating oversized partition sizes without proper checks.
CVE-2026-20842
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-47364
Memory corruption while calculating offset from partition start point.
CVE-2026-20844
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47366
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.