Kategorie: Allgemein

Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user’s NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio…
Weiterlesen

Improper link resolution before file access (‚link following‘) in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in an sql command (’sql injection‘) in SQL Server allows an authorized attacker to elevate privileges locally.