Autor: Peter Leibling

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in .NET Framework allows an unauthorized attacker to deny service over a network.

[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user’s NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio…
Weiterlesen

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Improper link resolution before file access (‚link following‘) in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.

Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.

Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.