CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A race condition in Windows Push Notifications allows for concurrent execution using shared resources with improper synchronization. This enables an authorized attacker to elevate privileges locally.
A race condition in Windows Push Notifications allows for concurrent execution using shared resources with improper synchronization. This enables an authorized attacker to elevate privileges locally.
An integer overflow or wraparound vulnerability exists in the Windows Performance Monitor component. It allows an unauthenticated attacker to execute code remotely over the network.
An integer overflow or wraparound vulnerability in the Windows NT OS Kernel allows an authenticated attacker to elevate privileges locally.
A race condition in the Remote Desktop Client due to improper synchronization of shared resources allows an unauthorized attacker to execute code over the network.
In Windows Telephony Service, there is a concurrent execution issue using shared resources with improper synchronization, leading to a race condition. This allows an authorized attacker to elevate privileges locally.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
An out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
A race condition vulnerability exists in the Remote Desktop Client due to improper synchronization of shared resources. This allows an unauthorized attacker to execute code remotely over a network.
An out-of-bounds read vulnerability in Windows RDP allows an unauthorized attacker to disclose information over a network.
A use after free vulnerability in the Windows DWM Core Library allows an authorized attacker to locally elevate privileges.
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
An out-of-bounds read vulnerability in the Windows Projected File System Filter Driver allows an authenticated attacker to elevate privileges locally. This flaw can be exploited to gain higher-level access on the affected system.
A race condition in Function Discovery Service (fdwsd.dll) allows an authorized attacker to locally elevate privileges due to improper synchronization during concurrent execution using shared resources.
Microsoft Teams for Android has improper neutralization of special elements in output, allowing an authorized attacker to disclose information over a network.
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
The vulnerability occurs when partial-chain certificate verification is enabled along with OCSP response checking for the entire chain. If there is no self-signed trusted anchor, a NULL pointer dereference occurs, crashing the process.
Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled, leading to abnormal termination of the server process and Denial of Service.
The Svelte devalue library in versions 5.6.3 through 5.8.0 contains a vulnerability that causes excessive memory consumption when deserializing sparse arrays. This is due to quirks in some JavaScript engines that may allocate more memory than needed.

