Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows AppX Package Manager Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Security Support Provider Interface Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context.
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
Windows Graphics Component Elevation of Privilege Vulnerability
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Windows Kerberos Elevation of Privilege Vulnerability
Windows Container Manager Service Elevation of Privilege Vulnerability
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
Windows Graphics Component Elevation of Privilege Vulnerability
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
Windows Container Manager Service Elevation of Privilege Vulnerability
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal.
.NET and Visual Studio Elevation of Privilege Vulnerability
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below.
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component.
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
Windows Kerberos Elevation of Privilege Vulnerability
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below.
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.