Month: March 2026

Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-25177 Active Directory Domain Services Elevation of Privilege Vulnerability→

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability→

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-25175 Windows NTFS Elevation of Privilege Vulnerability→

Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-24292 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability→

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Continue reading CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability→

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability→

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-25171 Windows Authentication Elevation of Privilege Vulnerability→

Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-24290 Windows Projected File System Elevation of Privilege Vulnerability→