CVE-2026-25189
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-24292
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-24290
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-24287
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-23667
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.
CVE-2026-21240
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21234
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2026-20962
Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.
CVE-2026-20924
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20923
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20918
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20877
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20874
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20873
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20867
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20866
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20865
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20864
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20862
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2026-20861
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.