Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-41121

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-13 Dec, 2022 | 00:00
Updated At-22 Jul, 2025 | 17:49
Rejected At-
Credits

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:13 Dec, 2022 | 00:00
Updated At:22 Jul, 2025 | 17:49
Rejected At:
â–¼CVE Numbering Authority (CNA)
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.3770 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before 10.0.17763.3770 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.3770 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.3770 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 21H1
Platforms
  • x64-based Systems
  • ARM64-based Systems
  • 32-bit Systems
Versions
Affected
  • From 10.0.0 before 10.0.19043.2364 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.20348.0 before 10.0.20348.1366 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 20H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before 10.0.19042.2364 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 version 21H2
Platforms
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.22000.0 before 10.0.22000.1335 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 21H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.19044.0 before 10.0.19044.2364 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 version 22H2
Platforms
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.22621.0 before 10.0.22621.993 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 22H2
Platforms
  • x64-based Systems
  • ARM64-based Systems
  • 32-bit Systems
Versions
Affected
  • From 10.0.19045.0 before 10.0.19045.2364 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1507
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.10240.0 before 10.0.10240.19624 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.5582 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.5582 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.5582 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.1.0 before 6.1.7601.26266 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.0 before 6.1.7601.26266 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 8.1
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 6.3.0 before 6.3.9600.20721 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.21815 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2 (Server Core installation)
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.21815 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.21815 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before 6.1.7601.26266 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before 6.1.7601.26266 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.24018 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.24018 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.20721 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.20721 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/AElevation of Privilege
Type: Impact
CWE ID: N/A
Description: Elevation of Privilege
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41121
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41121
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121
Resource:
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:13 Dec, 2022 | 19:15
Updated At:07 Jul, 2025 | 18:15

Windows Graphics Component Elevation of Privilege Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>powershell>>7.2
cpe:2.3:a:microsoft:powershell:7.2:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>powershell>>7.3
cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>remote_desktop_client>>-
cpe:2.3:a:microsoft:remote_desktop_client:-:*:*:*:*:windows:*:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>20h2
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>21h1
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>21h2
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>22h2
cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11>>-
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11>>-
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>-
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41121secure@microsoft.com
N/A
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41121
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2128Records found
CVE-2020-24367
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.87%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 20:43
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.

Action-Not Available
Vendor-bluestacksn/aMicrosoft Corporation
Product-windowsbluestacksn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-23315
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.70%
||
7 Day CHG+0.01%
Published-26 Aug, 2025 | 18:30
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-Apple Inc.NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-nemolinux_kernelmacoswindowsNeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-29801
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.56% / 68.59%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-24425
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.06%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 20:07
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation vulnerability in Dreamweaver version 20.2

Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosdreamweaverDreamweaver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-32077
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows UPnP Device Host Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_10_1607windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_server_2016windows_11_23h2windows_server_2012Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2020-24557
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-1.88% / 83.33%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 18:55
Updated-31 Oct, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsworry-free_business_securityapex_oneTrend Micro Apex OneTrend Micro Worry-Free Business Security Apex One, OfficeScan, and Worry-Free Business Security
CVE-2025-23304
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.45% / 63.95%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:16
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.

Action-Not Available
Vendor-Apple Inc.NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-nemolinux_kernelmacoswindowsNVIDIA NeMo Framework
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-24562
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.64%
||
7 Day CHG~0.00%
Published-28 Sep, 2020 | 23:30
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsofficescanTrend Micro OfficeScan
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-31994
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 01:00
Updated-19 Mar, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context.

Action-Not Available
Vendor-Microsoft CorporationOpenClaw
Product-openclawwindowsOpenClaw
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-32074
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Projected File System Elevation of Privilege Vulnerability

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_11_23h2Windows 11 Version 24H2Windows Server 2019Windows 11 Version 25H2Windows 11 version 26H1Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-415
Double Free
CVE-2026-32222
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:57
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_26h1windows_11_25h2windows_server_2025Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 25H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2022-33675
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.47%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:38
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recovery_vmware_to_azureAzure Site Recovery VMWare to Azure
CVE-2026-32167
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.44%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:57
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2025sql_server_2022sql_server_2016sql_server_2019sql_server_2017Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 for x64-based Systems (CU 24)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2025 (CU 3)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-23303
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-2.17% / 84.50%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:15
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

Action-Not Available
Vendor-Apple Inc.NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-nemolinux_kernelmacoswindowsNVIDIA NeMo Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-24556
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.88%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 18:55
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationTrend Micro Incorporated
Product-worry-free_business_security_servicesworry-free_business_securityapex_onewindowsmacosTrend Micro Apex OneTrend Micro OfficeScanTrend Micro Worry-Free Business Security
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-20832
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.63%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2022Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-415
Double Free
CVE-2026-21533
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.20% / 95.57%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-03-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Remote Desktop Services Elevation of Privilege Vulnerability

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_10_22h2windows_10_1607windows_server_2016windows_server_2025windows_server_2012windows_server_2022windows_server_2019windows_10_21h2windows_10_1809windows_11_24h2windows_11_25h2Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24682
Matching Score-8
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-8
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.10%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 07:11
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automation Studio and PVI Multiple unquoted service path vulnerabilities

Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.

Action-Not Available
Vendor-B&R Industrial Automation GmbHMicrosoft Corporation
Product-windowsautomation_net\/pviautomation_studioNET/PVIAutomation Studio
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2026-20809
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.72%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-20864
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.64%
||
7 Day CHG+0.02%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2022Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 22H2Windows Server 2019Windows 11 Version 25H2Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21322
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.61%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PC Manager Elevation of Privilege Vulnerability

Microsoft PC Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-pc_managerMicrosoft PC Manager
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-20820
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.99%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_server_2008windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 11 Version 24H2Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 22H2Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21382
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.85% / 83.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_10_21h2windows_11_23h2windows_server_2019windows_server_2022windows_10_22h2windows_11_22h2windows_10_1809windows_11_24h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21338
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 67.50%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI+ Remote Code Execution Vulnerability

GDI+ Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_server_2008windows_server_2019windows_10_1809windows_10_1607windows_server_2016windows_10_21h2windows_11_22h2windows_11_24h2windows_10_22h2windows_10_1507officewindows_server_2012windows_server_2022_23h2windows_server_2022windows_11_23h2Windows Server 2025Microsoft Office for iOSWindows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Microsoft Office LTSC for Mac 2024Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Microsoft Office for MacWindows 11 Version 24H2Microsoft Office for UniversalWindows 10 Version 1607Microsoft Office LTSC for Mac 2021Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Microsoft Office for AndroidWindows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21204
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.25% / 91.71%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Process Activation Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_11_24h2windows_11_23h2windows_server_2019windows_server_2022windows_10_22h2windows_server_2016windows_server_2025windows_11_22h2windows_server_2022_23h2windows_10_1507windows_10_1809windows_10_1607windows_server_2012windows_10_21h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-21271
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.23%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2019windows_server_2022windows_10_1809windows_10_21h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1809
CWE ID-CWE-126
Buffer Over-read
CVE-2025-21367
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.29%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2026-21519
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.52% / 89.26%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-03-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Desktop Window Manager Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows 11 Version 26H1Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows 11 Version 23H2Windows
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-21235
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.35%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_22h2windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_22h2windows_server_2025windows_11_23h2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21360
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.17%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-21335
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.65% / 91.97%
||
7 Day CHG-1.07%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-04||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_24h2windows_11_23h2windows_10_22h2windows_server_2022_23h2windows_server_2025Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-416
Use After Free
CVE-2025-21420
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-38.22% / 97.28%
||
7 Day CHG-3.25%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_10_1507windows_10_21h2windows_server_2022windows_10_1809windows_11_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2019windows_10_22h2windows_11_23h2windows_11_24h2Windows Server 2025Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-21358
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Core Messaging Elevation of Privileges Vulnerability

Windows Core Messaging Elevation of Privileges Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-21334
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.80% / 90.61%
||
7 Day CHG-0.83%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-04||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_24h2windows_11_23h2windows_10_22h2windows_server_2022_23h2windows_server_2025Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-416
Use After Free
CVE-2025-21333
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-82.28% / 99.24%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-04||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_24h2windows_11_23h2windows_10_22h2windows_server_2022_23h2windows_server_2025Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-21246
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.79%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2016windows_10_22h2windows_server_2012windows_11_24h2windows_11_23h2windows_10_1809windows_server_2022windows_server_2025windows_11_25h2windows_server_2022_23h2windows_10_1607windows_server_2019Windows Server 2019Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20860
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 64.81%
||
7 Day CHG+0.15%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_server_2008windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 11 Version 24H2Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 22H2Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-21299
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.64% / 70.72%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Security Feature Bypass Vulnerability

Windows Kerberos Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_11_24h2windows_11_22h2windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-21107
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 09:15
Updated-07 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationDell Inc.
Product-linux_kernelwindowsnetworkerNetWorker
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2025-21304
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.23%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2016windows_10_21h2windows_server_2019windows_10_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 10 Version 1607Windows Server 2019Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2025-21375
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.83%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21370
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 69.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_11_22h2windows_11_24h2Windows 11 version 22H2Windows 11 Version 23H2Windows 11 version 22H3Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21373
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.81%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-21275
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.39%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows App Package Installer Elevation of Privilege Vulnerability

Windows App Package Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_23h2windows_server_2022windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2
CWE ID-CWE-285
Improper Authorization
CVE-2025-21234
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.75%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_22h2windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_22h2windows_server_2025windows_11_23h2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21281
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.23%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft COM for Windows Elevation of Privilege Vulnerability

Microsoft COM for Windows Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2022_23h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2025-21418
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-13.27% / 94.24%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-04||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21378
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-13 Feb, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2022_23h2windows_server_2025windows_10_21h2windows_11_23h2windows_server_2019windows_10_1507windows_server_2022windows_10_1607windows_10_22h2windows_11_22h2windows_server_2012windows_10_1809windows_11_24h2Windows Server 2025Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21359
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.18%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Security Feature Bypass Vulnerability

Windows Kernel Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-284
Improper Access Control
CVE-2026-20920
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.64%
||
7 Day CHG+0.02%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_23h2windows_server_2022Windows Server 2022Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 42
  • 43
  • Next
Details not found