CVE-2026-20858
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20857
Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20837
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-20829
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.
CVE-2026-20825
Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-20810
Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-64673
Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-64658
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-62467
Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62464
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62462
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62461
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62457
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62454
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62221
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59516
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-55233
Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62215
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-60723
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.
CVE-2025-60717
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.