Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-50687 (GCVE-0-2026-50687)
Vulnerability from cvelistv5 – Published: 2026-07-14 17:08 – Updated: 2026-07-14 19:40- CWE-416 - Use After Free
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.8875
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.8875
(custom)
|
|
| Microsoft | Windows 11 version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.2269
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.33158
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.33158
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8875",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8875",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.2269",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.33158",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.33158",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.33158",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8875",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8875",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.33158",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.28000.2269",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-07-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T19:40:29.315Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Win32k Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50687"
}
],
"title": "Windows Win32k Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-50687",
"datePublished": "2026-07-14T17:08:23.121Z",
"dateReserved": "2026-06-05T14:35:07.080Z",
"dateUpdated": "2026-07-14T19:40:29.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-50687\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-07-14T18:18:04.310\",\"lastModified\":\"2026-07-14T20:35:12.370\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.\"}],\"affected\":[{\"source\":\"secure@microsoft.com\",\"affectedData\":[{\"vendor\":\"Microsoft\",\"product\":\"Windows 11 Version 24H2\",\"platforms\":[\"ARM64-based Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"10.0.26100.0\",\"lessThan\":\"10.0.26100.8875\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Windows 11 Version 25H2\",\"platforms\":[\"ARM64-based Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"10.0.26200.0\",\"lessThan\":\"10.0.26200.8875\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Windows 11 version 26H1\",\"platforms\":[\"ARM64-based Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"10.0.28000.0\",\"lessThan\":\"10.0.28000.2269\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Windows Server 2025\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"10.0.26100.0\",\"lessThan\":\"10.0.26100.33158\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Windows Server 2025 (Server Core installation)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"10.0.26100.0\",\"lessThan\":\"10.0.26100.33158\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50687\",\"source\":\"secure@microsoft.com\"}]}}"
}
}
FKIE_CVE-2026-50687
Vulnerability from fkie_nvd - Published: 2026-07-14 18:18 - Updated: 2026-07-14 20:35| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8875",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8875",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.2269",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.33158",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.33158",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"source": "secure@microsoft.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2026-50687",
"lastModified": "2026-07-14T20:35:12.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2026-07-14T18:18:04.310",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50687"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
GHSA-4PVM-WG2G-H8CW
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50687"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:04Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-4pvm-wg2g-h8cw",
"modified": "2026-07-14T18:32:30Z",
"published": "2026-07-14T18:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50687"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50687"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0231
Vulnerability from csaf_ncscnl - Published: 2026-07-14 18:13 - Updated: 2026-07-14 18:13A heap-based buffer overflow vulnerability in the Windows DHCP Server allows unauthorized remote code execution, posing a critical security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An infinite loop vulnerability in Active Directory Federation Services (AD FS) allows unauthorized attackers to cause a denial of service over a network, impacting service availability.
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Media allows attackers to execute unauthorized local code by exploiting memory management flaws.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows BitLocker allows an attacker with physical access to bypass its encryption protection mechanism, potentially exposing sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges remotely over a network.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows NTFS caused by improper synchronization of shared resource access enables a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows unauthorized attackers to perform physical attacks and elevate privileges, posing significant security risks.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in the Windows Telephony Service caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory access.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows NTFS file system allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A null pointer dereference vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper handling of kernel memory references.
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in Windows Active Directory allows an authorized local attacker to elevate privileges by exploiting improper input validation.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit improper input neutralization in Active Directory Federation Services (AD FS) to conduct cross-site scripting and network spoofing attacks, compromising security within affected environments.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Hyper-V allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Cryptographic Services allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper authorization vulnerability in Active Directory Certificate Services (AD CS) allows an authorized attacker to escalate privileges across a network, potentially compromising domain-wide security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A double free vulnerability in the Windows DHCP Server allows an authorized attacker to remotely execute code over a network, posing a critical security risk.
CWE-415 - Double Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows DHCP Server allows an authorized attacker on an adjacent network to escalate privileges, posing a significant security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A type confusion vulnerability in Windows Object Linking and Embedding (OLE) allows remote attackers to execute arbitrary code over a network, posing a significant security risk.
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Clipboard Server allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uninitialized resource vulnerability in Windows SMB allows an authorized local attacker to disclose sensitive information by exploiting improper resource handling.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Desktop Window Manager allows an authorized local attacker to elevate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows DHCP Client allows an attacker to execute unauthorized local code, posing a significant security risk.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows DHCP Server allows unauthorized remote code execution, posing a critical security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft XML Core Services allows an authorized local attacker to elevate privileges by exploiting memory management flaws.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows WebView allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Win32K GRFX component allows an authorized local attacker to elevate privileges by exploiting improper memory access.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in the Windows NTFS file system allows an authorized local attacker to escalate privileges by exploiting improper handling of integer values.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Remote Desktop Protocol (RDP) involving an uninitialized resource allows remote attackers to execute arbitrary code over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Schannel security package allows an authorized attacker to disclose sensitive information over a network.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows Server Network driver caused by improper synchronization of shared resources enables unauthorized remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows an attacker to execute unauthorized local code.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Network File System allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in the Windows Remote Access Service Infrastructure allows an authorized attacker to remotely elevate privileges, posing a significant security risk.
CWE-190 - Integer Overflow or Wraparound| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A TOCTOU race condition vulnerability in the Windows Network File System allows an authorized remote attacker to elevate privileges by exploiting timing discrepancies in file system operations.
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in the Windows Network File System arises from improper synchronization of shared resources, allowing attackers to execute unauthorized remote code.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uninitialized resource vulnerability in the Microsoft Windows Codecs Library allows a local unauthorized attacker to disclose sensitive information.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows File Explorer involving an uninitialized resource can enable an unauthorized local attacker to disclose sensitive information.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Network File System allows an authorized local attacker to elevate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Win32K component allows unauthorized local attackers to elevate privileges by exposing sensitive information, potentially compromising system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Message Queuing Queue Manager allows an unauthorized local attacker to execute arbitrary code.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow or wraparound vulnerability in the Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer underflow vulnerability in the Reliable Multicast Transport Driver (RMCAST) allows unauthorized attackers to execute code over an adjacent network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Win32K component allows an authorized local attacker to elevate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An infinite loop vulnerability in Windows Active Directory allows unauthorized attackers to cause a denial of service over a network by exploiting an unreachable exit condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use of uninitialized resource vulnerability in Windows SMB allows an authorized local attacker to disclose sensitive information.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows TCP/IP due to improper synchronization of shared resources allows unauthorized attackers to execute code over an adjacent network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use of uninitialized resource vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Reliable Multicast Transport Driver (RMCAST) allows unauthorized remote code execution, posing a critical security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows GDI+ enables unauthorized local attackers to execute arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to locally elevate privileges within the system.
CWE-1220 - Insufficient Granularity of Access Control| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Secure Socket Tunneling Protocol (SSTP) allows unauthorized remote code execution over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An untrusted search path vulnerability in Microsoft XML allows an unauthorized attacker to bypass security features via a physical attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A null pointer dereference vulnerability in Active Directory Domain Services allows an authorized attacker to cause a denial of service over a network.
CWE-476 - NULL Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) enables unauthorized attackers to disclose sensitive information over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Storage allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Virtual Hard Disk (VHD) Miniport Driver enables an authorized local attacker to elevate privileges on the affected system.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Print Spooler components allows authorized attackers to execute code remotely by exploiting improper synchronization during concurrent access to shared resources.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Microsoft Graphics Component enables unauthorized local code execution by attackers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation enables unauthorized local code execution by an attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to bypass a security feature.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper neutralization of special elements in Windows Narrator Braille commands enables an authorized attacker to locally elevate privileges.
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to execute arbitrary code on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows File Explorer allows an authorized local attacker to expose sensitive information, potentially leading to unauthorized data disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An exposure of sensitive information vulnerability in the Windows Audio Service allows an authorized local attacker to disclose information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uninitialized resource vulnerability in Windows File Explorer permits an authorized local attacker to disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows File Explorer allows an authorized local attacker to expose sensitive information, potentially leading to unauthorized data disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A relative path traversal vulnerability in Windows PowerShell enables an authorized attacker to execute arbitrary code remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A protection mechanism failure in the Windows Event Logging Service enables an authorized attacker to disclose information over a network, potentially exposing sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A memory release vulnerability in Windows Cryptographic Services after its effective lifetime allows unauthorized attackers to cause a network denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A memory allocation vulnerability in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to cause a denial of service over a network by specifying an excessive size value.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows DHCP Server allows an authorized attacker to execute arbitrary code remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Active Directory Domain Services enables an authorized attacker to execute arbitrary code remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper link resolution vulnerability in Universal Plug and Play (upnp.dll) allows an authorized local attacker to disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer underflow vulnerability in the Windows DHCP Client allows unauthorized attackers to elevate privileges remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an unauthorized local attacker to execute arbitrary code on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows Clipboard Server due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A security flaw in Windows Secure Boot's implementation allows an authorized local attacker to bypass a critical security feature, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows HTTP.sys allows unauthorized attackers to cause denial of service by allocating resources without limits or throttling over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
HTTP/2's lack of resource allocation limits or throttling enables unauthorized attackers to perform denial-of-service attacks over a network by exhausting available resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to elevate privileges by exploiting the flaw.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
The Windows Universal Disk Format File System Driver (UDFS) contains an elevation of privilege vulnerability that could enable attackers to gain higher system privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper link resolution vulnerability in Windows Routing and Remote Access Service (RRAS) enables an authorized local attacker to elevate privileges by exploiting link following before file access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A numeric truncation error in the Windows Resilient File System (ReFS) enables an authorized attacker to execute code locally, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows USB Audio Class driver (usbaudio.sys) allows unauthorized attackers to disclose information via a physical attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Graphics Device Interface (GDI) enables unauthorized local attackers to execute arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an unauthorized local attacker to execute arbitrary code on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows unauthorized local privilege escalation, potentially enabling attackers to gain elevated system privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in Windows Storage Spaces Direct allows unauthorized attackers to execute code via physical access, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in the Windows Web Proxy Auto-Discovery Protocol (WPAD) enables an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uncontrolled resource consumption vulnerability in Windows LSASS allows an authorized attacker to cause a denial of service over a network, impacting system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer underflow vulnerability in the Windows NTFS file system allows unauthorized local code execution, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper access control in Windows Server allows an authorized local attacker to elevate their privileges, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows USB Video Driver allows an attacker with physical access to escalate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Kernel allows unauthorized local attackers to expose sensitive system information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A local privilege escalation vulnerability exists in Windows Spaceport.sys due to missing authentication, allowing authorized attackers to elevate privileges on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uninitialized resource vulnerability in Windows SMB allows an authorized local attacker to disclose sensitive information by exploiting improper resource handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Windows Win32K component allows authorized local attackers to elevate their privileges, potentially compromising system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows AppX Deployment Service caused by improper synchronization of shared resources enables a local authorized attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an authorized local attacker to escalate privileges by exploiting memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in Windows Audio Compression Manager (ACM) allows a locally authorized attacker to elevate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Microsoft Windows DirectX enables unauthorized local attackers to access sensitive information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in Windows Spaceport.sys allows unauthorized attackers to perform physical attacks and elevate privileges on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Graphics Kernel allows an authorized local attacker to escalate privileges by exploiting memory management flaws.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Windows Win32K component allows authorized local attackers to elevate their privileges, potentially compromising system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Windows Win32K component allows authorized local attackers to elevate their privileges, potentially compromising system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Microsoft Windows App Store's shared resource management allows a local attacker with authorization to elevate privileges due to improper synchronization.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows Clip Service caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer underflow vulnerability in the Windows Kernel allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A cryptographic primitive in Windows Key Guard is implemented insecurely, allowing an authorized local attacker to bypass a security feature.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in Windows Redirected Drive Buffering allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Push Notifications allows an authorized local attacker to elevate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Active Directory Federation Services allows an unauthorized attacker to cause a denial of service over a network.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uncaught exception vulnerability in Windows Server Update Service allows unauthorized attackers to perform tampering over a network, potentially compromising system integrity.
CWE-248 - Uncaught Exception| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows TCP/IP stack allows an authorized attacker to escalate privileges locally by exploiting memory management flaws.
CWE-190 - Integer Overflow or Wraparound| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to escalate privileges by exploiting improper handling of input data.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Notification involving incorrect type conversion or casting allows an authorized local attacker to elevate privileges.
CWE-704 - Incorrect Type Conversion or Cast| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Windows App Installer allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An exposure vulnerability in the Windows Kernel allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Active Directory Federation Services allows an unauthorized attacker to cause a denial of service over a network.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows TCP/IP stack allows an authorized attacker to escalate privileges locally by exploiting memory management flaws.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows GDI+ allows remote attackers to execute arbitrary code over a network, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in the Windows NTFS file system allows an authorized local attacker to disclose sensitive information by reading beyond allocated memory bounds.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Application Model allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper privilege management vulnerability in Microsoft Install Service allows an authorized local attacker to elevate their privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows DHCP Server allows unauthorized remote code execution on adjacent networks, posing a significant security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Data DLL allows an attacker to execute unauthorized local code by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows USB Driver caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in Windows Devices Human Interface allows an authorized local attacker to disclose sensitive information by exploiting improper handling of integer operations.
CWE-190 - Integer Overflow or Wraparound| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An infinite loop vulnerability in Active Directory Federation Services (AD FS) allows unauthorized attackers to cause a denial of service over a network, impacting service availability.
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote attackers to elevate privileges.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A numeric truncation error in the Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally, posing a significant security risk.
CWE-197 - Numeric Truncation Error| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory access.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A type confusion vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper type handling within the kernel.
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Runtime's concurrent execution of shared resources can be exploited remotely to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Runtime's concurrent execution of shared resources can be exploited remotely to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper access control vulnerabilities in Windows Operating Systems allow authorized local users to elevate their privileges, potentially compromising system integrity and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows DirectX allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A null pointer dereference vulnerability in Active Directory Domain Services allows an authorized attacker to cause a denial of service over a network, impacting system availability.
CWE-476 - NULL Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Media allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Active Directory Federation Services allows an unauthorized attacker to cause a denial of service over a network.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized local attacker can exploit improper access control in the Microsoft Windows Search Component to elevate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows NTFS file system allows a local attacker to execute unauthorized code by exploiting improper memory access.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows LUAFV caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Kernel allows remote attackers to disclose sensitive information over a network, posing a significant security risk.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Runtime's concurrent execution of shared resources can be exploited remotely to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Media allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper privilege management in Windows Group Policy allows an authorized attacker to escalate privileges locally, potentially compromising system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Key Guard caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to disclose sensitive information by reading memory outside the intended buffer boundaries.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit improper authorization in RPC Runtime to locally elevate privileges, potentially gaining higher-level access on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Filtering Platform (WFP) caused by insufficient access control granularity allows an authorized local attacker to escalate privileges on affected Windows systems.
CWE-1220 - Insufficient Granularity of Access Control| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in the Windows Graphics Device Interface (GDI) allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Notification allows an authorized local attacker to expose sensitive information to unauthorized users, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network, potentially compromising system confidentiality.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit improper authorization in Windows Object Linking and Embedding (OLE) to achieve local privilege escalation, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Cryptographic Services allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An untrusted pointer dereference vulnerability in Microsoft Windows DirectX allows an authorized attacker to execute code locally, posing a significant security risk.
CWE-822 - Untrusted Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to disclose sensitive information.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Remote Desktop Services allows an authorized attacker to remotely elevate privileges by exploiting memory management flaws.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A local privilege escalation vulnerability exists in Windows Projected File System's link resolution before file access, allowing authorized attackers to elevate privileges.
CWE-59 - Improper Link Resolution Before File Access ('Link Following')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper authentication vulnerability in the Windows RPC API allows unauthorized attackers on adjacent networks to elevate their privileges, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A relative path traversal vulnerability in DNS Server allows an authorized attacker to execute code on a neighboring network, posing a significant security risk.
CWE-23 - Relative Path Traversal| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Content Delivery Manager allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows NTFS allows an authorized local attacker to elevate privileges by exploiting improper memory access.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A type confusion vulnerability in Windows Connected User Experiences and Telemetry enables an authorized local attacker to elevate privileges by exploiting improper type handling.
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized attacker with physical access to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Sensor Data Service involving improper handling of an indexable resource ('range error') allows an authorized local attacker to elevate privileges.
CWE-822 - Untrusted Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in Windows Print Spooler Components allows an authorized local attacker to disclose sensitive information by reading beyond intended memory boundaries.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized local attacker to elevate privileges due to missing authentication controls.
CWE-306 - Missing Authentication for Critical Function| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit an uninitialized resource vulnerability in the Universal Plug and Play (upnp.dll) component to locally disclose sensitive information.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An incorrect numeric type conversion vulnerability in Windows NTFS allows authorized local attackers to elevate their privileges by exploiting the flaw in the file system's handling of numeric data.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in the Windows Overlay Filter allows an authorized local attacker to escalate privileges by exploiting improper memory handling.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Overlay Filter allows an authorized local attacker to expose sensitive information to unauthorized actors, potentially compromising data confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An untrusted pointer dereference vulnerability in the Windows Resilient File System (ReFS) allows an authorized local attacker to elevate privileges on affected systems.
CWE-822 - Untrusted Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Message Queuing Queue Manager allows remote attackers to execute arbitrary code over a network, posing a significant security risk.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Ancillary Function Driver for WinSock enables an authorized local attacker to elevate privileges by manipulating file names or paths.
CWE-73 - External Control of File Name or Path| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Virtual Filtering Platform (VFP) allows an authorized attacker to trigger a network denial of service condition.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Quality of Service (QoS) Packet Scheduler can lead to information disclosure, potentially exposing sensitive data within affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows USB Audio Class driver (usbaudio.sys) allows unauthorized attackers to disclose sensitive information via a physical attack.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Message Queuing allows remote attackers to execute arbitrary code over a network, posing a critical security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an attacker to execute unauthorized local code by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Active Directory Federation Services (AD FS) allows an unauthorized attacker to cause a denial of service over a network.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Server Update Service allows an authorized attacker to remotely elevate privileges due to missing authentication on a critical function.
CWE-306 - Missing Authentication for Critical Function| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Media enables an authorized local attacker to access sensitive information, potentially exposing it to unauthorized parties.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Media enables unauthorized attackers to access sensitive information over a network, potentially compromising data confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in the Windows Kernel allows an authorized local attacker to access sensitive information, potentially compromising system confidentiality.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Windows allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Kernel allows remote attackers to disclose sensitive information over a network, posing a significant security risk.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in the Windows Wireless Wide Area Network Service allows an authorized local attacker to elevate privileges by exploiting improper synchronization of shared resources.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows Network Policy Server SNMP allows unauthorized attackers to disclose sensitive information over a network.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An untrusted pointer dereference vulnerability in the Windows USB Hub Driver allows an authorized local attacker to elevate privileges on affected systems.
CWE-822 - Untrusted Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in Microsoft Windows DNS allows an authorized local attacker to tamper with the system, potentially compromising its integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Graphics Kernel allows an authorized local attacker to elevate privileges by exploiting memory management flaws.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Event Logging Service's access control enables an authorized attacker to remotely execute code over a network, posing a significant security risk.
CWE-1220 - Insufficient Granularity of Access Control| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in Windows Hyper-V allows an authorized attacker to cause a denial of service on an adjacent network, potentially disrupting network operations.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Netlogon allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Print Spooler Components allows an authorized local attacker to elevate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Win32K component allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Installer allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
The Windows Universal Disk Format File System Driver (UDFS) contains an elevation of privilege vulnerability that could enable attackers to gain higher system privileges.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Message Queuing allows an authorized attacker to remotely execute code over a network, posing a significant security risk to affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Code Integrity DLL (ci.dll) allows an authorized local attacker to elevate privileges on affected Windows systems.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows unauthorized attackers to execute arbitrary code via a physical attack vector.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An off-by-one error in the Windows Remote Desktop Protocol allows unauthorized attackers to disclose sensitive information over a network, posing a significant security risk.
CWE-193 - Off-by-one Error| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows Network Policy Server SNMP allows unauthorized attackers to disclose sensitive information over a network.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A buffer over-read vulnerability in the Remote Desktop Client allows unauthorized attackers to disclose sensitive information over a network.
CWE-126 - Buffer Over-read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A deserialization vulnerability in the Windows Wireless Wide Area Network Service allows an authorized local attacker to elevate privileges by processing untrusted data.
CWE-502 - Deserialization of Untrusted Data| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows unauthorized remote code execution, posing a critical security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows unauthorized remote code execution, posing a critical security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in the Windows File History Service allows an authorized local attacker to escalate privileges by exploiting improper memory handling.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows SMB Server Network Transport Driver (srvnet.sys) allows remote attackers to execute arbitrary code over a network.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows Print Spooler components allows an authorized local attacker to disclose sensitive information.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows VMSwitch component allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows unauthorized remote code execution, posing a critical security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Extensible Storage Engine (ESENT) allows an authorized local attacker to elevate their privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized local attacker to elevate privileges on affected systems.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uninitialized resource vulnerability in Windows Remote Desktop Protocol (RDP) allows an authorized attacker to disclose sensitive information over a network connection.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows USB Audio Class driver (usbaudio.sys) allows unauthorized attackers to disclose sensitive information via a physical attack.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an attacker to execute unauthorized local code by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Bluetooth Service allows an authorized local attacker to elevate privileges, potentially compromising system security.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.
CWE-908 - Use of Uninitialized Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit improper authorization in Windows Installer to locally elevate privileges, potentially gaining higher system access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows SMB caused by improper synchronization of shared resources enables an authorized attacker to elevate privileges over a network.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting improper handling of integer operations.
CWE-190 - Integer Overflow or Wraparound| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Input Method Editor (IME) allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Universal Plug and Play (upnp.dll) component allows an authorized local attacker to escalate privileges on the affected system.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Windows Kernel allows an authorized local attacker to bypass a security feature, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A type confusion vulnerability in the Windows Desktop Window Manager (DWM) enables an authorized local attacker to elevate privileges by exploiting improper type handling.
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized remote code execution, posing a critical security risk to affected systems.
CWE-190 - Integer Overflow or Wraparound| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Sensor Data Service allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An uncontrolled resource consumption vulnerability in the Windows DHCP Server allows unauthorized attackers to cause a denial of service on affected networks by exhausting server resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Wireless Networking caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows DirectX allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Win32K component allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Client-Side Caching (CSC) Service allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A missing cryptographic verification step in the Windows Boot Loader allows an authorized local attacker to bypass a security feature, potentially compromising system integrity during the boot process.
CWE-325 - Missing Cryptographic Step| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows DNS allows an authorized local attacker to elevate privileges by exploiting memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A missing cryptographic step in Windows CryptoAPI enables an authorized attacker to perform local tampering, compromising the integrity of cryptographic operations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Hyper-V allows an unauthorized local attacker to elevate privileges by exploiting improper memory handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Kernel permits a local authorized attacker to disclose sensitive information by embedding it into a log file, potentially exposing confidential data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A type confusion vulnerability in the Composite Image File System Driver allows an authorized local attacker to disclose sensitive information by exploiting improper type handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Cryptographic Services due to improper certificate validation allows remote attackers to bypass security mechanisms, potentially compromising system integrity.
CWE-295 - Improper Certificate Validation| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An incorrect implementation of the authentication algorithm in Windows SMB Server allows an authorized attacker to remotely elevate privileges, posing a significant security risk.
CWE-303 - Incorrect Implementation of Authentication Algorithm| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Windows operating system allows a local attacker to bypass security mechanisms without authorization, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Windows Kernel allows a local authorized attacker to elevate privileges, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory access.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows unauthorized local attackers to escalate privileges by exploiting memory management flaws.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows Active Directory allows an authorized attacker to cause a denial of service over a network, potentially disrupting directory services.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A null pointer dereference vulnerability in the Windows SMB Server allows an authorized attacker to cause a denial of service over a network, impacting system availability.
CWE-476 - NULL Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Win32K component allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in Windows Terminal allows an attacker to execute unauthorized local code, posing a significant security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Remote Desktop Services allows an authorized attacker to remotely execute code over a network, posing a significant security risk.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Internal Task Bar allows an authorized local attacker to elevate privileges on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Trusted Runtime Interface Driver permits an authorized local attacker to expose sensitive information to unauthorized parties, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper link resolution vulnerability in Windows Server Backup allows an authorized local attacker to elevate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Unified Consent System allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Internal System User Profile allows an authorized attacker to perform local privilege escalation by exploiting memory management flaws.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Backup Engine allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows App Installer involving concurrent execution with improper synchronization allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows App Installer allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Microsoft Brokering File System allows an authorized local attacker to elevate privileges on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Printer Drivers allows an authorized local attacker to elevate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the DNS Server allows an authorized attacker to remotely execute code over a network, posing significant security risks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Remote Desktop Client enables unauthorized attackers to execute arbitrary code remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows USB Print Driver allows an unauthorized attacker with physical access to elevate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows USB Print Driver due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows USB Print Driver due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows USB Print Driver due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel Mode Driver allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Push Notifications due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in the Windows USB Print Driver's management of shared resources enables an authorized local attacker to escalate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in the Windows USB Print Driver's management of shared resources enables an authorized local attacker to escalate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows Kernel due to improper synchronization during concurrent access to shared resources enables an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper privilege management vulnerability in Microsoft Windows DNS allows an authorized local attacker to bypass a security feature, potentially impacting system security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Brokering File System allows an authorized local attacker to elevate privileges on the affected system.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Secure Kernel Mode allows an authorized local attacker to elevate privileges by exploiting memory management flaws.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Kernel-Mode Drivers allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Media allows an authorized local attacker to execute arbitrary code, posing a significant security risk.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Kernel-Mode Drivers allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A null pointer dereference vulnerability in Windows Image Acquisition allows an authorized local attacker to elevate privileges by exploiting improper handling of pointer references.
CWE-476 - NULL Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A double free vulnerability in the Microsoft Brokering File System allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows OS shared resources caused by improper synchronization allows authorized local users to escalate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Runtime allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Win32K component allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows DirectX allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Media's concurrent execution with shared resources enables an authorized attacker to elevate privileges remotely over a network.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Media's concurrent execution with shared resources enables an authorized attacker to elevate privileges remotely over a network.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A relative path traversal vulnerability in the Windows User Interface Core allows an authorized local attacker to elevate privileges by exploiting improper path handling.
CWE-23 - Relative Path Traversal| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Brokering File System allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in Microsoft Windows DNS allows an authorized local attacker to tamper with the system, potentially compromising its integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows HTTP.sys allows unauthorized local attackers to access sensitive information, potentially compromising system confidentiality.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Brokering File System allows an authorized local attacker to elevate privileges on the affected system.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An untrusted pointer dereference vulnerability in Windows Domain Controller allows unauthorized attackers to cause a denial of service over a network, impacting system availability.
CWE-822 - Untrusted Pointer Dereference| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Microsoft Graphics Component allows an authorized local attacker to disclose sensitive information, potentially compromising data confidentiality within affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Windows DNS allows remote attackers to elevate privileges over a network by exploiting memory management flaws.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can locally elevate privileges on Windows systems due to improper neutralization of special elements in command injection within the Clipboard User Service.
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows unauthorized local code execution, posing a critical security risk to affected systems.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows USB Print Driver allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Microsoft Windows Search Component allows an authorized local attacker to escalate privileges on affected systems.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Management Services allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Media allows attackers to execute unauthorized local code by exploiting memory management flaws.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in the Windows USB Print Driver's management of shared resources allows an authorized user with physical access to escalate privileges on the affected system.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Network Address Translation (NAT) origin validation allows unauthorized attackers to spoof adjacent networks, potentially compromising network security.
CWE-346 - Origin Validation Error| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in the Windows MIDI Service Module allows an authorized local attacker to elevate privileges on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition in the Windows Audio Service caused by improper synchronization of shared resources enables a local authorized attacker to elevate privileges.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Media's shared resource management allows an authorized local attacker to elevate privileges due to improper synchronization.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows Media allows an authorized local attacker to escalate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Media's concurrent execution with shared resources enables an authorized attacker to elevate privileges remotely over a network.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition vulnerability in Windows Media's shared resource management allows an authorized local attacker to elevate privileges due to improper synchronization.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Media allows an authorized local attacker to elevate privileges by exploiting improper memory handling.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows MIDI Service Module allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows MIDI Service Module allows an authorized local attacker to elevate privileges on affected systems.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in the Windows Container Isolation FS Filter Driver (unionfs.sys) allows an authorized local attacker to disclose sensitive information.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose sensitive information over a network, potentially compromising data confidentiality.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Windows WPAD allows an authorized local attacker to elevate privileges by exploiting memory corruption.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper authentication vulnerability in Windows Admin Center allows an authorized attacker to elevate privileges remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper authentication in Windows Admin Center enables an authorized attacker to disclose sensitive information over a network, posing a security risk.
CWE-94 - Improper Control of Generation of Code ('Code Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper authentication in Windows Admin Center allows an authorized attacker to locally elevate privileges, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper authorization vulnerability in Windows Admin Center allows an authorized attacker to execute code locally, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A relative path traversal vulnerability in Windows Admin Center allows an authorized attacker to remotely execute code over a network, posing a significant security risk.
CWE-23 - Relative Path Traversal| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An authorized attacker can exploit improper neutralization of special elements in Windows Admin Center to perform remote code execution via command injection.
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper access control vulnerability in Windows Remote Help Defense allows an authorized attacker to locally elevate privileges, potentially compromising system integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An improper validation of input consistency in Windows Secure Kernel Mode enables an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in Windows Media allows an authorized local attacker to expose sensitive information to unauthorized users through local disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to disclose sensitive information due to cleartext transmission.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition due to improper synchronization in the Windows App Store allows unauthorized attackers to elevate privileges remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Bluetooth Port Driver enables unauthorized attackers to execute arbitrary code over an adjacent network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the SQL Server ODBC driver enables unauthorized attackers to execute arbitrary code remotely over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Active Directory Domain Services enables unauthorized remote code execution over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use of uninitialized resource vulnerability in Microsoft Windows App Store allows an authorized local attacker to disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An integer overflow vulnerability in Windows Storage Spaces Direct allows an unauthorized attacker with physical access to elevate privileges by exploiting wraparound behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An insufficient granularity of access control in the Windows StateRepository API allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use after free vulnerability in Microsoft Windows Speech allows an authorized local attacker to elevate privileges on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper privilege management in the Windows WalletService component allows an authorized local attacker to elevate their privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows FTP Service enables unauthorized remote attackers to execute arbitrary code over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A missing authentication vulnerability in a critical function of Microsoft Windows DNS allows an authorized attacker to perform local tampering.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
An out-of-bounds read vulnerability in Windows TCP/IP allows an authorized local attacker to disclose sensitive information by exploiting improper memory access.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition due to improper synchronization in the Microsoft Windows App Store allows an authorized attacker to locally elevate privileges, posing a significant security risk.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Active Directory Federation Services (AD FS) enables an unauthorized attacker to cause a denial of service over a network.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A stack-based buffer overflow vulnerability in Active Directory Federation Services enables an unauthorized attacker to cause a denial of service over a network.
CWE-121 - Stack-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in Windows Hyper-V allows an authorized local attacker to elevate privileges by exploiting improper memory handling within the virtualization component.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A use-after-free vulnerability in the Quality Windows Audio/Video Experience (QWAVE) service allows an authorized local attacker to elevate privileges on affected Windows systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Overlay Filter allows an authorized local attacker to elevate privileges on affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Internet Key Exchange (IKE) Protocol enables unauthorized attackers to cause a denial of service over a network.
CWE-122 - Heap-based Buffer Overflow| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A vulnerability in the Windows Common Log File System Driver allows an authorized local attacker to expose sensitive information and elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Kernel allows an unauthorized attacker with physical access to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition due to improper synchronization in the Windows Win32K component allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in the Windows Win32K component allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation enables unauthorized local code execution by an attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
Improper certificate validation in Windows Active Directory allows an authorized attacker to locally elevate privileges by exploiting certificate handling flaws.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A race condition due to improper synchronization in the Windows Win32K component allows an authorized local attacker to elevate privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
A double free vulnerability in Microsoft Printer Drivers allows an authorized local attacker to elevate privileges by exploiting improper memory management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Windows
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft een zeer groot aantal kwetsbaarheden verholpen in Windows.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de categorie\u00ebn schade, zoals genoemd in onderstaande tabel.\n\nDe ernstigste kwetsbaarheden hebben kenmerken **CVE-2026-49172, CVE-2026-56190, CVE-2026-54990, CVE-2026-49798, CVE-2026-50380, CVE-2026-50447, CVE-2026-50518, CVE-2026-56159, CVE-2026-56188 en CVE-2026-57092** toegewezen gekregen en bevinden zich in respectievelijk de FTP service, Remote Desktop (client en server), de Kernel, GDI+, Message Queuing Service, DHCP Server, Server Network Driver en VMSwitch.\nKwaadwillenden met toegang tot deze services kunnen zonder voorafgaande authenticatie mogelijk code uitvoeren of zich toegang verschaffen tot het kwetsbare systeem.\n\nNaast deze ernstige kwetsbaarheden zijn nog eens meer dan 400 kwetsbaarheden verholpen, allen varierend in ernstigheid van middelmatig tot hoog/kritiek.\n\nDoor de aard en omvang van deze updates, adviseert het NCSC om deze updates met voorrang in te zetten.\n\n```\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56169 | 8.10 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56185 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-57107 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58631 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-56196 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-56197 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Management Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58544 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Audio Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34328 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50440 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58538 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Install Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50343 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nVirtual Hard Disk (VHD) Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58601 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Server: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50311 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Server Update Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50328 | 7.50 | Manipulatie van gegevens | \n| CVE-2026-50444 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54107 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54986 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54112 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54114 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49805 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50297 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50325 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50416 | 3.30 | Toegang tot gevoelige gegevens | \n| CVE-2026-50489 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56184 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-57095 | 6.20 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58632 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Terminal: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54124 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows RDP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-55003 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-57979 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50376 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50445 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-54126 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-56190 | 9.80 | Uitvoeren van willekeurige code | \n| CVE-2026-57982 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-58533 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-58535 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-58546 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-58539 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-58594 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50696 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nQuality Windows Audio/Video Experience (QWAVE) service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54989 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows RPC API: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50365 | 8.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nReliable Multicast Transport Driver (RMCAST): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54982 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-54995 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Kernel Mode Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58602 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Access Service Infrastructure: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56647 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Trusted Runtime Interface Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50350 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Push Notifications: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44800 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50363 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50434 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50339 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50430 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50697 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nContent Delivery Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50427 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows LUAFV: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50371 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows App Store: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42900 | 8.10 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49165 | 7.10 | Toegang tot gevoelige gegevens | \n| CVE-2026-49784 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50356 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49175 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49174 | 6.10 | Manipulatie van gegevens | \n| CVE-2026-50295 | 5.50 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50465 | 7.10 | Manipulatie van gegevens | \n| CVE-2026-50495 | 6.10 | Manipulatie van gegevens | \n| CVE-2026-50487 | 8.10 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Data.dll: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50347 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Boot Loader: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58638 | 6.00 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows VMSwitch: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-57092 | 9.90 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Access Connection Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50666 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Input Method Editor (IME): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58534 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows Search Component: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50373 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50679 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nActive Directory Domain Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49164 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-57976 | 6.50 | Denial-of-Service | \n| CVE-2026-49178 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50366 | 6.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Routing and Remote Access Service (RRAS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49791 | 7.10 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50451 | 7.10 | Verkrijgen van verhoogde rechten | \n| CVE-2026-57096 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nRole: DNS Server: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49169 | 8.00 | Uitvoeren van willekeurige code | \n| CVE-2026-50426 | 6.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58640 | 7.30 | Uitvoeren van willekeurige code | \n| CVE-2026-49184 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-49789 | 7.30 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49797 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50308 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50412 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50386 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50309 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50313 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50341 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50388 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50448 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50471 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50422 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50402 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50461 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50417 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50482 | 7.30 | Uitvoeren van willekeurige code | \n| CVE-2026-50494 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50667 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50668 | 6.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50672 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56175 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56182 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Overlay Filter: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54987 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50435 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50409 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Notification: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50337 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50334 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Backup Engine: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50406 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Image Acquisition: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50315 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows Media Foundation: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54993 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-58610 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-56189 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-57090 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-57094 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-57087 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Schannel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56186 | 8.10 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Network Address Translation (NAT): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56181 | 8.30 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nCode Integrity DLL (ci.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50491 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows USB Hub Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50479 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Server: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48564 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50370 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50518 | 9.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50685 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-50683 | 8.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56159 | 9.80 | Uitvoeren van willekeurige code | \n| CVE-2026-58627 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows App Installer: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48572 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-48571 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50400 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Storage: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58526 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Virtual Filtering Platform (VFP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50432 | 5.30 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows HTTP.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49787 | 7.50 | Denial-of-Service | \n| CVE-2026-50420 | 6.20 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Wireless Networking: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58628 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50437 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Direct: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49168 | 6.20 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50299 | 6.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows Codecs Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-57083 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50387 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows User Interface Core: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50454 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Internal Task Bar: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50293 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34346 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50312 | 4.70 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50462 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-57093 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Redirected Drive Buffering: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50372 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50447 | 9.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50505 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Application Model: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50331 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nActive Directory Certificate Services (AD CS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54121 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Spaceport.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50333 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50298 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Devices Human Interface: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50310 | 4.70 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows USB Audio Class driver (usbaudio.sys): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49794 | 4.60 | Toegang tot gevoelige gegevens | \n| CVE-2026-50453 | 6.10 | Toegang tot gevoelige gegevens | \n| CVE-2026-58528 | 6.80 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Group Policy: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50391 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50405 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54129 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54127 | 7.40 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50485 | 4.50 | Denial-of-Service | \n| CVE-2026-50680 | 8.20 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nActive Directory Federation Services (AD FS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54983 | 7.50 | Denial-of-Service | \n| CVE-2026-50695 | 7.50 | Denial-of-Service | \n| CVE-2026-56155 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50304 | 7.50 | Denial-of-Service | \n| CVE-2026-50368 | 7.50 | Denial-of-Service | \n| CVE-2026-50324 | 5.90 | Denial-of-Service | \n| CVE-2026-50355 | 7.50 | Denial-of-Service | \n| CVE-2026-50411 | 7.50 | Denial-of-Service | \n| CVE-2026-50647 | 7.50 | Denial-of-Service | \n| CVE-2026-50684 | 4.80 | Voordoen als andere gebruiker | \n| CVE-2026-58529 | 7.10 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50476 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50469 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows MIDI Service Module: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50342 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56183 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56187 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft NAT Helper Components (ipnathlp.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58537 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Wireless Wide Area Network Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50450 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50509 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Narrator Braille: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58635 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows OLE: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50344 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50686 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows WebView: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56173 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Network File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56194 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56648 | 7.50 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56649 | 5.90 | Uitvoeren van willekeurige code | \n| CVE-2026-56650 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50500 | 7.50 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows Speech: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49171 | 7.50 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Brokering File System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49162 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50305 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50361 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50466 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50458 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Connected User Experiences and Telemetry: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50421 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Port Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42975 | 8.00 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nRemote Desktop Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54990 | 9.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50330 | 7.50 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50474 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50504 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows File Explorer: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33842 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-40422 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-41087 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50473 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50442 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50389 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50456 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-57084 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49783 | 7.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Graphics Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50296 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50493 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Active Directory: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-55001 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54119 | 7.50 | Denial-of-Service | \n| CVE-2026-54115 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50682 | 7.10 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Clipboard Server: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49183 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50689 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50393 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50396 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows FTP Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49172 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows USB Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50321 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SMB Server Network Transport Driver (srvnet.sys): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-57089 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows CryptoAPI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-55144 | 7.10 | Manipulatie van gegevens | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49181 | 7.50 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54128 | 8.40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Operating Systems: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50335 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50317 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50418 | 5.10 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Web Proxy Auto-Discovery Protocol (WPAD): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49800 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50480 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nRPC Runtime: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50346 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44806 | 5.30 | Denial-of-Service | \n| CVE-2026-50302 | 4.20 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50352 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50681 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Client-Side Caching (CSC) Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58637 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Server Backup: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50364 | 7.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nSQL Server ODBC driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42990 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Installer: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50490 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58540 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DWM: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58541 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Key Guard: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50303 | 5.50 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50378 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34348 | 6.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50502 | 8.00 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nExtensible Storage Engine (ESENT): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-57088 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Container Isolation FS Filter Driver (unionfs.sys): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50428 | 7.10 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows USB Print Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-55000 | 6.40 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54111 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54991 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54996 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49802 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49806 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50674 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58543 | 6.30 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SMB Server: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50360 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56168 | 6.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nComposite Image File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50381 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Internal System User Profile: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50425 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Clip Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50384 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows USB Video Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49804 | 6.60 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Help Defense: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-55014 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Printer Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49166 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-55004 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Clipboard User Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50488 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft XML Core Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50359 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Unified Consent System: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50326 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56176 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows PowerShell: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40400 | 8.00 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Secure Socket Tunneling Protocol (SSTP): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50694 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Sensor Data Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50367 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58619 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50369 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58626 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Server Network driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-56188 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Domain Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50424 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Local Security Authority Subsystem Service (LSASS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40378 | 7.50 | Denial-of-Service | \n| CVE-2026-49799 | 6.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows AppX Deployment Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49803 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing Queue Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54992 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-50439 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nDesktop Window Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50692 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58633 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58634 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft XML: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-57097 | 6.40 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows SMB: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54997 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-49801 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50690 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-58531 | 7.50 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Media: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34349 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50327 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50404 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50358 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50336 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50398 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50414 | 7.50 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50379 | 7.50 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50433 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50394 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50415 | 5.30 | Toegang tot gevoelige gegevens | \n| CVE-2026-50655 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50676 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50677 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58542 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58609 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50483 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-58608 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50383 | 6.10 | Toegang tot gevoelige gegevens | \n| CVE-2026-50499 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-57085 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nUniversal Plug and Play (upnp.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49180 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50455 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-58547 | 5.50 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Runtime: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50323 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50452 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50348 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50345 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50322 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50340 | 8.50 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50410 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50449 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50460 | 8.10 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50403 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50385 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50413 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50457 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50486 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50503 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54125 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58527 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49177 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-54999 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50306 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50307 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Kernel Mode: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42982 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50392 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Resilient File System (ReFS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54109 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-49792 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-49793 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50318 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50407 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50357 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50441 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50362 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50492 | 6.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50501 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-58530 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50401 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50374 | 6.30 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58536 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58613 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Quality of Service (QoS) Packet Scheduler: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50431 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49167 | 4.70 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49173 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-54132 | 6.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58614 | 5.50 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-49795 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-49798 | 9.30 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50294 | 6.20 | Toegang tot gevoelige gegevens | \n| CVE-2026-49808 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50316 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50354 | 7.10 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50300 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50332 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50329 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50419 | 3.30 | Toegang tot gevoelige gegevens | \n| CVE-2026-50377 | 5.50 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50390 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50463 | 7.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50423 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50397 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50436 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50399 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50475 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50429 | 8.20 | Toegang tot gevoelige gegevens | \n| CVE-2026-50459 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50477 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50478 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50484 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50670 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50673 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50688 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50687 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56643 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-56644 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58532 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-58545 | 5.50 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows GDI+: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-54122 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-49796 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-50380 | 9.60 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Network Policy Server SNMP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50470 | 7.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-50496 | 7.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Audio Compression Manager (ACM): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50351 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50497 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nHTTP/2: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49788 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Universal Disk Format File System Driver (UDFS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49790 | 7.30 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50498 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DirectX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49807 | 6.20 | Toegang tot gevoelige gegevens | \n| CVE-2026-50375 | 6.30 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50353 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-50382 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-58629 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows File History Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-57091 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows BitLocker: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50661 | 6.10 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-50669 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows StateRepository API: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49170 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows WalletService: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49176 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\n```\n",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Windows",
"tracking": {
"current_release_date": "2026-07-14T18:13:23.389438Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0231",
"initial_release_date": "2026-07-14T18:13:23.389438Z",
"revision_history": [
{
"date": "2026-07-14T18:13:23.389438Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Windows"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-50518",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows DHCP Server allows unauthorized remote code execution, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50518 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50518.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50518"
},
{
"cve": "CVE-2026-50647",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "An infinite loop vulnerability in Active Directory Federation Services (AD FS) allows unauthorized attackers to cause a denial of service over a network, impacting service availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50647 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50647.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50647"
},
{
"cve": "CVE-2026-50655",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Media allows attackers to execute unauthorized local code by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50655 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50655.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50655"
},
{
"cve": "CVE-2026-50661",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows BitLocker allows an attacker with physical access to bypass its encryption protection mechanism, potentially exposing sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50661 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50661.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50661"
},
{
"cve": "CVE-2026-50666",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50666 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50666.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50666"
},
{
"cve": "CVE-2026-50667",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in Windows NTFS caused by improper synchronization of shared resource access enables a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50667 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50667.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50667"
},
{
"cve": "CVE-2026-50668",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows unauthorized attackers to perform physical attacks and elevate privileges, posing significant security risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50668 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50668.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50668"
},
{
"cve": "CVE-2026-50669",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in the Windows Telephony Service caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50669 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50669.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50669"
},
{
"cve": "CVE-2026-50670",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50670 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50670.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50670"
},
{
"cve": "CVE-2026-50672",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows NTFS file system allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50672"
},
{
"cve": "CVE-2026-50673",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A null pointer dereference vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper handling of kernel memory references.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50673 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50673.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50673"
},
{
"cve": "CVE-2026-54115",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Windows Active Directory allows an authorized local attacker to elevate privileges by exploiting improper input validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54115"
},
{
"cve": "CVE-2026-50684",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "An authorized attacker can exploit improper input neutralization in Active Directory Federation Services (AD FS) to conduct cross-site scripting and network spoofing attacks, compromising security within affected environments.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50684 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50684.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50684"
},
{
"cve": "CVE-2026-50688",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50688 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50688.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50688"
},
{
"cve": "CVE-2026-50680",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Hyper-V allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50680 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50680.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50680"
},
{
"cve": "CVE-2026-50681",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Cryptographic Services allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50681 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50681.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50681"
},
{
"cve": "CVE-2026-54121",
"notes": [
{
"category": "description",
"text": "An improper authorization vulnerability in Active Directory Certificate Services (AD CS) allows an authorized attacker to escalate privileges across a network, potentially compromising domain-wide security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54121 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54121.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54121"
},
{
"cve": "CVE-2026-50685",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "A double free vulnerability in the Windows DHCP Server allows an authorized attacker to remotely execute code over a network, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50685 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50685.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50685"
},
{
"cve": "CVE-2026-50683",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows DHCP Server allows an authorized attacker on an adjacent network to escalate privileges, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50683 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50683.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50683"
},
{
"cve": "CVE-2026-50686",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in Windows Object Linking and Embedding (OLE) allows remote attackers to execute arbitrary code over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50686 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50686.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50686"
},
{
"cve": "CVE-2026-50689",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Clipboard Server allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50689 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50689.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50689"
},
{
"cve": "CVE-2026-54125",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54125 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54125.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54125"
},
{
"cve": "CVE-2026-50690",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "An uninitialized resource vulnerability in Windows SMB allows an authorized local attacker to disclose sensitive information by exploiting improper resource handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50690 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50690.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50690"
},
{
"cve": "CVE-2026-50692",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Desktop Window Manager allows an authorized local attacker to elevate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50692 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50692.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50692"
},
{
"cve": "CVE-2026-54128",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows DHCP Client allows an attacker to execute unauthorized local code, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54128 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54128.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54128"
},
{
"cve": "CVE-2026-54126",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54126 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54126.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54126"
},
{
"cve": "CVE-2026-56159",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows DHCP Server allows unauthorized remote code execution, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56159 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56159.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56159"
},
{
"cve": "CVE-2026-50359",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft XML Core Services allows an authorized local attacker to elevate privileges by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50359 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50359.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50359"
},
{
"cve": "CVE-2026-56173",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows WebView allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56173 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56173.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56173"
},
{
"cve": "CVE-2026-56176",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Win32K GRFX component allows an authorized local attacker to elevate privileges by exploiting improper memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56176 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56176"
},
{
"cve": "CVE-2026-56175",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56175 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56175.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56175"
},
{
"cve": "CVE-2026-56182",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in the Windows NTFS file system allows an authorized local attacker to escalate privileges by exploiting improper handling of integer values.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56182"
},
{
"cve": "CVE-2026-56190",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A vulnerability in Windows Remote Desktop Protocol (RDP) involving an uninitialized resource allows remote attackers to execute arbitrary code over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56190 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56190.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56190"
},
{
"cve": "CVE-2026-56186",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Schannel security package allows an authorized attacker to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56186 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56186.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56186"
},
{
"cve": "CVE-2026-56188",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in the Windows Server Network driver caused by improper synchronization of shared resources enables unauthorized remote code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56188 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56188.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56188"
},
{
"cve": "CVE-2026-56189",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows an attacker to execute unauthorized local code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56189 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56189.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56189"
},
{
"cve": "CVE-2026-56643",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56643"
},
{
"cve": "CVE-2026-56644",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56644 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56644.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56644"
},
{
"cve": "CVE-2026-56194",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Network File System allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56194"
},
{
"cve": "CVE-2026-56647",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in the Windows Remote Access Service Infrastructure allows an authorized attacker to remotely elevate privileges, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56647 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56647.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56647"
},
{
"cve": "CVE-2026-56648",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A TOCTOU race condition vulnerability in the Windows Network File System allows an authorized remote attacker to elevate privileges by exploiting timing discrepancies in file system operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56648 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56648"
},
{
"cve": "CVE-2026-56649",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in the Windows Network File System arises from improper synchronization of shared resources, allowing attackers to execute unauthorized remote code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56649.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56649"
},
{
"cve": "CVE-2026-57083",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "An uninitialized resource vulnerability in the Microsoft Windows Codecs Library allows a local unauthorized attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57083 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57083.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57083"
},
{
"cve": "CVE-2026-57084",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A vulnerability in Windows File Explorer involving an uninitialized resource can enable an unauthorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57084 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57084.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57084"
},
{
"cve": "CVE-2026-56650",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Network File System allows an authorized local attacker to elevate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56650"
},
{
"cve": "CVE-2026-57095",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Windows Win32K component allows unauthorized local attackers to elevate privileges by exposing sensitive information, potentially compromising system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57095 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57095.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57095"
},
{
"cve": "CVE-2026-54992",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Message Queuing Queue Manager allows an unauthorized local attacker to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54992 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54992.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54992"
},
{
"cve": "CVE-2026-54109",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow or wraparound vulnerability in the Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54109 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54109.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54109"
},
{
"cve": "CVE-2026-54982",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "An integer underflow vulnerability in the Reliable Multicast Transport Driver (RMCAST) allows unauthorized attackers to execute code over an adjacent network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54982 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54982.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54982"
},
{
"cve": "CVE-2026-54114",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Win32K component allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54114 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54114"
},
{
"cve": "CVE-2026-54119",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "An infinite loop vulnerability in Windows Active Directory allows unauthorized attackers to cause a denial of service over a network by exploiting an unreachable exit condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54119 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54119.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54119"
},
{
"cve": "CVE-2026-54997",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A use of uninitialized resource vulnerability in Windows SMB allows an authorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54997 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54997.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54997"
},
{
"cve": "CVE-2026-54999",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in Windows TCP/IP due to improper synchronization of shared resources allows unauthorized attackers to execute code over an adjacent network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54999"
},
{
"cve": "CVE-2026-55003",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A use of uninitialized resource vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55003 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55003.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-55003"
},
{
"cve": "CVE-2026-54995",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Reliable Multicast Transport Driver (RMCAST) allows unauthorized remote code execution, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54995 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54995.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54995"
},
{
"cve": "CVE-2026-54122",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows GDI+ enables unauthorized local attackers to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54122 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54122"
},
{
"cve": "CVE-2026-56155",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"notes": [
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "description",
"text": "Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to locally elevate privileges within the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56155 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56155.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56155"
},
{
"cve": "CVE-2026-50694",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Secure Socket Tunneling Protocol (SSTP) allows unauthorized remote code execution over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50694 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50694.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50694"
},
{
"cve": "CVE-2026-57097",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "An untrusted search path vulnerability in Microsoft XML allows an unauthorized attacker to bypass security features via a physical attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57097 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57097.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57097"
},
{
"cve": "CVE-2026-57976",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A null pointer dereference vulnerability in Active Directory Domain Services allows an authorized attacker to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57976"
},
{
"cve": "CVE-2026-57979",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) enables unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57979 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57979.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57979"
},
{
"cve": "CVE-2026-58526",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Storage allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58526 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58526.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58526"
},
{
"cve": "CVE-2026-58601",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Virtual Hard Disk (VHD) Miniport Driver enables an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58601 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58601.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58601"
},
{
"cve": "CVE-2026-58608",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows Print Spooler components allows authorized attackers to execute code remotely by exploiting improper synchronization during concurrent access to shared resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58608 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58608.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58608"
},
{
"cve": "CVE-2026-58609",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Microsoft Graphics Component enables unauthorized local code execution by attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58609"
},
{
"cve": "CVE-2026-58610",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation enables unauthorized local code execution by an attacker.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58610 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58610.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58610"
},
{
"cve": "CVE-2026-58614",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to bypass a security feature.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58614 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58614.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58614"
},
{
"cve": "CVE-2026-58635",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "Improper neutralization of special elements in Windows Narrator Braille commands enables an authorized attacker to locally elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58635 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58635"
},
{
"cve": "CVE-2026-58640",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to execute arbitrary code on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58640 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58640.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58640"
},
{
"cve": "CVE-2026-33842",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows File Explorer allows an authorized local attacker to expose sensitive information, potentially leading to unauthorized data disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33842 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33842.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-33842"
},
{
"cve": "CVE-2026-34328",
"notes": [
{
"category": "description",
"text": "An exposure of sensitive information vulnerability in the Windows Audio Service allows an authorized local attacker to disclose information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34328 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34328.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-34328"
},
{
"cve": "CVE-2026-40422",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "An uninitialized resource vulnerability in Windows File Explorer permits an authorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40422 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40422.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-40422"
},
{
"cve": "CVE-2026-41087",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows File Explorer allows an authorized local attacker to expose sensitive information, potentially leading to unauthorized data disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41087 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41087.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-41087"
},
{
"cve": "CVE-2026-40400",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "A relative path traversal vulnerability in Windows PowerShell enables an authorized attacker to execute arbitrary code remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40400 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40400.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-40400"
},
{
"cve": "CVE-2026-34348",
"notes": [
{
"category": "description",
"text": "A protection mechanism failure in the Windows Event Logging Service enables an authorized attacker to disclose information over a network, potentially exposing sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34348 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34348.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-34348"
},
{
"cve": "CVE-2026-44806",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "description",
"text": "A memory release vulnerability in Windows Cryptographic Services after its effective lifetime allows unauthorized attackers to cause a network denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44806 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44806.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-44806"
},
{
"cve": "CVE-2026-40378",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "A memory allocation vulnerability in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to cause a denial of service over a network by specifying an excessive size value.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40378 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40378.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-40378"
},
{
"cve": "CVE-2026-48564",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows DHCP Server allows an authorized attacker to execute arbitrary code remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-48564 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48564.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-48564"
},
{
"cve": "CVE-2026-49178",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Active Directory Domain Services enables an authorized attacker to execute arbitrary code remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49178 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49178.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49178"
},
{
"cve": "CVE-2026-49180",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "An improper link resolution vulnerability in Universal Plug and Play (upnp.dll) allows an authorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49180 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49180.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49180"
},
{
"cve": "CVE-2026-49181",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "An integer underflow vulnerability in the Windows DHCP Client allows unauthorized attackers to elevate privileges remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49181 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49181.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49181"
},
{
"cve": "CVE-2026-49184",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an unauthorized local attacker to execute arbitrary code on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49184 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49184"
},
{
"cve": "CVE-2026-49183",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in the Windows Clipboard Server due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49183 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49183.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49183"
},
{
"cve": "CVE-2026-49783",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"notes": [
{
"category": "other",
"text": "Improperly Implemented Security Check for Standard",
"title": "CWE-358"
},
{
"category": "description",
"text": "A security flaw in Windows Secure Boot\u0027s implementation allows an authorized local attacker to bypass a critical security feature, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49783 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49783.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49783"
},
{
"cve": "CVE-2026-49787",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A vulnerability in Windows HTTP.sys allows unauthorized attackers to cause denial of service by allocating resources without limits or throttling over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49787 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49787.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49787"
},
{
"cve": "CVE-2026-49788",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "HTTP/2\u0027s lack of resource allocation limits or throttling enables unauthorized attackers to perform denial-of-service attacks over a network by exhausting available resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49788 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49788.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49788"
},
{
"cve": "CVE-2026-49789",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to elevate privileges by exploiting the flaw.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49789 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49789.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49789"
},
{
"cve": "CVE-2026-49790",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "The Windows Universal Disk Format File System Driver (UDFS) contains an elevation of privilege vulnerability that could enable attackers to gain higher system privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49790 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49790.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49790"
},
{
"cve": "CVE-2026-49791",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "An improper link resolution vulnerability in Windows Routing and Remote Access Service (RRAS) enables an authorized local attacker to elevate privileges by exploiting link following before file access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49791 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49791.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49791"
},
{
"cve": "CVE-2026-49792",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "A numeric truncation error in the Windows Resilient File System (ReFS) enables an authorized attacker to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49792 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49792.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49792"
},
{
"cve": "CVE-2026-49793",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49793 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49793.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49793"
},
{
"cve": "CVE-2026-49794",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows USB Audio Class driver (usbaudio.sys) allows unauthorized attackers to disclose information via a physical attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49794 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49794.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49794"
},
{
"cve": "CVE-2026-49796",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Graphics Device Interface (GDI) enables unauthorized local attackers to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49796"
},
{
"cve": "CVE-2026-49795",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49795"
},
{
"cve": "CVE-2026-49797",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an unauthorized local attacker to execute arbitrary code on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49797 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49797.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49797"
},
{
"cve": "CVE-2026-49798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows unauthorized local privilege escalation, potentially enabling attackers to gain elevated system privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49798 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49798.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49798"
},
{
"cve": "CVE-2026-50299",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Windows Storage Spaces Direct allows unauthorized attackers to execute code via physical access, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50299 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50299.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50299"
},
{
"cve": "CVE-2026-49800",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in the Windows Web Proxy Auto-Discovery Protocol (WPAD) enables an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49800 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49800.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49800"
},
{
"cve": "CVE-2026-49799",
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption vulnerability in Windows LSASS allows an authorized attacker to cause a denial of service over a network, impacting system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49799 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49799.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49799"
},
{
"cve": "CVE-2026-50308",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "An integer underflow vulnerability in the Windows NTFS file system allows unauthorized local code execution, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50308 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50308"
},
{
"cve": "CVE-2026-50311",
"notes": [
{
"category": "description",
"text": "Improper access control in Windows Server allows an authorized local attacker to elevate their privileges, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50311 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50311.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50311"
},
{
"cve": "CVE-2026-49804",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows USB Video Driver allows an attacker with physical access to escalate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49804 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49804.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49804"
},
{
"cve": "CVE-2026-50294",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"title": "CWE-497"
},
{
"category": "description",
"text": "A vulnerability in the Windows Kernel allows unauthorized local attackers to expose sensitive system information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50294 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50294.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50294"
},
{
"cve": "CVE-2026-50333",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A local privilege escalation vulnerability exists in Windows Spaceport.sys due to missing authentication, allowing authorized attackers to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50333"
},
{
"cve": "CVE-2026-49801",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "An uninitialized resource vulnerability in Windows SMB allows an authorized local attacker to disclose sensitive information by exploiting improper resource handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49801 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49801"
},
{
"cve": "CVE-2026-49805",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Windows Win32K component allows authorized local attackers to elevate their privileges, potentially compromising system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49805 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49805.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49805"
},
{
"cve": "CVE-2026-49803",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in the Windows AppX Deployment Service caused by improper synchronization of shared resources enables a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49803"
},
{
"cve": "CVE-2026-50318",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50318"
},
{
"cve": "CVE-2026-50351",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in Windows Audio Compression Manager (ACM) allows a locally authorized attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50351 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50351.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50351"
},
{
"cve": "CVE-2026-49807",
"notes": [
{
"category": "description",
"text": "A vulnerability in Microsoft Windows DirectX enables unauthorized local attackers to access sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49807 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49807"
},
{
"cve": "CVE-2026-50298",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Windows Spaceport.sys allows unauthorized attackers to perform physical attacks and elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50298 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50298.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50298"
},
{
"cve": "CVE-2026-50354",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50354 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50354.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50354"
},
{
"cve": "CVE-2026-50296",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Graphics Kernel allows an authorized local attacker to escalate privileges by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50296 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50296.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50296"
},
{
"cve": "CVE-2026-50297",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Windows Win32K component allows authorized local attackers to elevate their privileges, potentially compromising system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50297 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50297.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50297"
},
{
"cve": "CVE-2026-50325",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Windows Win32K component allows authorized local attackers to elevate their privileges, potentially compromising system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50325 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50325.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50325"
},
{
"cve": "CVE-2026-50356",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in Microsoft Windows App Store\u0027s shared resource management allows a local attacker with authorization to elevate privileges due to improper synchronization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50356 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50356.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50356"
},
{
"cve": "CVE-2026-50384",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in the Windows Clip Service caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50384 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50384.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50384"
},
{
"cve": "CVE-2026-50300",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "An integer underflow vulnerability in the Windows Kernel allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50300"
},
{
"cve": "CVE-2026-50303",
"cwe": {
"id": "CWE-1240",
"name": "Use of a Cryptographic Primitive with a Risky Implementation"
},
"notes": [
{
"category": "other",
"text": "Use of a Cryptographic Primitive with a Risky Implementation",
"title": "CWE-1240"
},
{
"category": "description",
"text": "A cryptographic primitive in Windows Key Guard is implemented insecurely, allowing an authorized local attacker to bypass a security feature.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50303"
},
{
"cve": "CVE-2026-50332",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50332 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50332.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50332"
},
{
"cve": "CVE-2026-50372",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in Windows Redirected Drive Buffering allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50372 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50372.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50372"
},
{
"cve": "CVE-2026-50329",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50329 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50329.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50329"
},
{
"cve": "CVE-2026-50363",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Push Notifications allows an authorized local attacker to elevate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50363 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50363.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50363"
},
{
"cve": "CVE-2026-50304",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Active Directory Federation Services allows an unauthorized attacker to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50304"
},
{
"cve": "CVE-2026-50328",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "other",
"text": "Uncaught Exception",
"title": "CWE-248"
},
{
"category": "description",
"text": "An uncaught exception vulnerability in Windows Server Update Service allows unauthorized attackers to perform tampering over a network, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50328 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50328.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50328"
},
{
"cve": "CVE-2026-50306",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows TCP/IP stack allows an authorized attacker to escalate privileges locally by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50306 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50306.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50306"
},
{
"cve": "CVE-2026-50412",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Windows NTFS allows an authorized local attacker to escalate privileges by exploiting improper handling of input data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50412 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50412.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50412"
},
{
"cve": "CVE-2026-50337",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "other",
"text": "Incorrect Type Conversion or Cast",
"title": "CWE-704"
},
{
"category": "description",
"text": "A vulnerability in Windows Notification involving incorrect type conversion or casting allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50337 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50337"
},
{
"cve": "CVE-2026-50386",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50386 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50386.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50386"
},
{
"cve": "CVE-2026-50400",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Windows App Installer allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50400 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50400.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50400"
},
{
"cve": "CVE-2026-50309",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50309 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50309.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50309"
},
{
"cve": "CVE-2026-50419",
"notes": [
{
"category": "description",
"text": "An exposure vulnerability in the Windows Kernel allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50419 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50419.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50419"
},
{
"cve": "CVE-2026-50368",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Active Directory Federation Services allows an unauthorized attacker to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50368 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50368.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50368"
},
{
"cve": "CVE-2026-50307",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows TCP/IP stack allows an authorized attacker to escalate privileges locally by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50307 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50307.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50307"
},
{
"cve": "CVE-2026-50313",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50313 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50313.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50313"
},
{
"cve": "CVE-2026-50380",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows GDI+ allows remote attackers to execute arbitrary code over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50380 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50380.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50380"
},
{
"cve": "CVE-2026-50341",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in the Windows NTFS file system allows an authorized local attacker to disclose sensitive information by reading beyond allocated memory bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50341 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50341.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50341"
},
{
"cve": "CVE-2026-50407",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50407 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50407.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50407"
},
{
"cve": "CVE-2026-50331",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Application Model allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50331 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50331.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50331"
},
{
"cve": "CVE-2026-50343",
"notes": [
{
"category": "description",
"text": "An improper privilege management vulnerability in Microsoft Install Service allows an authorized local attacker to elevate their privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50343 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50343.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50343"
},
{
"cve": "CVE-2026-50370",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows DHCP Server allows unauthorized remote code execution on adjacent networks, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50370 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50370.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50370"
},
{
"cve": "CVE-2026-50347",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Data DLL allows an attacker to execute unauthorized local code by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50347 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50347.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50347"
},
{
"cve": "CVE-2026-50321",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in the Windows USB Driver caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50321 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50321.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50321"
},
{
"cve": "CVE-2026-50339",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50339"
},
{
"cve": "CVE-2026-50430",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50430 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50430.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50430"
},
{
"cve": "CVE-2026-50310",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Windows Devices Human Interface allows an authorized local attacker to disclose sensitive information by exploiting improper handling of integer operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50310 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50310.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50310"
},
{
"cve": "CVE-2026-50324",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "An infinite loop vulnerability in Active Directory Federation Services (AD FS) allows unauthorized attackers to cause a denial of service over a network, impacting service availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50324 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50324.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50324"
},
{
"cve": "CVE-2026-50312",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50312 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50312.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50312"
},
{
"cve": "CVE-2026-50330",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client allows unauthorized remote attackers to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50330 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50330.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50330"
},
{
"cve": "CVE-2026-50357",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "A numeric truncation error in the Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50357 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50357.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50357"
},
{
"cve": "CVE-2026-50377",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50377 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50377.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50377"
},
{
"cve": "CVE-2026-50390",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper type handling within the kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50390 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50390.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50390"
},
{
"cve": "CVE-2026-50452",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Runtime\u0027s concurrent execution of shared resources can be exploited remotely to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50452 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50452.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50452"
},
{
"cve": "CVE-2026-50348",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Runtime\u0027s concurrent execution of shared resources can be exploited remotely to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50348 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50348.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50348"
},
{
"cve": "CVE-2026-50335",
"notes": [
{
"category": "description",
"text": "Improper access control vulnerabilities in Windows Operating Systems allow authorized local users to elevate their privileges, potentially compromising system integrity and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50335 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50335.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50335"
},
{
"cve": "CVE-2026-50375",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows DirectX allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50375"
},
{
"cve": "CVE-2026-50366",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A null pointer dereference vulnerability in Active Directory Domain Services allows an authorized attacker to cause a denial of service over a network, impacting system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50366 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50366.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50366"
},
{
"cve": "CVE-2026-50358",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Media allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50358 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50358.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50358"
},
{
"cve": "CVE-2026-50355",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Active Directory Federation Services allows an unauthorized attacker to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50355 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50355.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50355"
},
{
"cve": "CVE-2026-50373",
"notes": [
{
"category": "description",
"text": "An authorized local attacker can exploit improper access control in the Microsoft Windows Search Component to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50373"
},
{
"cve": "CVE-2026-50388",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows NTFS file system allows a local attacker to execute unauthorized code by exploiting improper memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50388 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50388.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50388"
},
{
"cve": "CVE-2026-50410",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50410 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50410.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50410"
},
{
"cve": "CVE-2026-50449",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50449 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50449.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50449"
},
{
"cve": "CVE-2026-50371",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows LUAFV caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50371"
},
{
"cve": "CVE-2026-50463",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Kernel allows remote attackers to disclose sensitive information over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50463 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50463.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50463"
},
{
"cve": "CVE-2026-50460",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Runtime\u0027s concurrent execution of shared resources can be exploited remotely to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50460 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50460.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50460"
},
{
"cve": "CVE-2026-50433",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Media allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50433 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50433.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50433"
},
{
"cve": "CVE-2026-50391",
"notes": [
{
"category": "description",
"text": "Improper privilege management in Windows Group Policy allows an authorized attacker to escalate privileges locally, potentially compromising system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50391 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50391.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50391"
},
{
"cve": "CVE-2026-50378",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in Windows Key Guard caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50378 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50378.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50378"
},
{
"cve": "CVE-2026-50401",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to disclose sensitive information by reading memory outside the intended buffer boundaries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50401 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50401.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50401"
},
{
"cve": "CVE-2026-50346",
"notes": [
{
"category": "description",
"text": "An authorized attacker can exploit improper authorization in RPC Runtime to locally elevate privileges, potentially gaining higher-level access on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50346 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50346.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50346"
},
{
"cve": "CVE-2026-50376",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50376 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50376.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50376"
},
{
"cve": "CVE-2026-50397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50397 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50397.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50397"
},
{
"cve": "CVE-2026-50405",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"notes": [
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "description",
"text": "A vulnerability in the Windows Filtering Platform (WFP) caused by insufficient access control granularity allows an authorized local attacker to escalate privileges on affected Windows systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50405 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50405.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50405"
},
{
"cve": "CVE-2026-50448",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50448 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50448.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50448"
},
{
"cve": "CVE-2026-50387",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in the Windows Graphics Device Interface (GDI) allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50387 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50387.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50387"
},
{
"cve": "CVE-2026-50334",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Notification allows an authorized local attacker to expose sensitive information to unauthorized users, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50334 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50334.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50334"
},
{
"cve": "CVE-2026-50445",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50445 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50445.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50445"
},
{
"cve": "CVE-2026-50344",
"notes": [
{
"category": "description",
"text": "An authorized attacker can exploit improper authorization in Windows Object Linking and Embedding (OLE) to achieve local privilege escalation, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50344 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50344.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50344"
},
{
"cve": "CVE-2026-50352",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Cryptographic Services allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50352 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50352.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50352"
},
{
"cve": "CVE-2026-50382",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "An untrusted pointer dereference vulnerability in Microsoft Windows DirectX allows an authorized attacker to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50382 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50382.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50382"
},
{
"cve": "CVE-2026-50437",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows an authorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50437 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50437.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50437"
},
{
"cve": "CVE-2026-50471",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50471 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50471.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50471"
},
{
"cve": "CVE-2026-50369",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Remote Desktop Services allows an authorized attacker to remotely elevate privileges by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50369 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50369.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50369"
},
{
"cve": "CVE-2026-50469",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "A local privilege escalation vulnerability exists in Windows Projected File System\u0027s link resolution before file access, allowing authorized attackers to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50469 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50469.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50469"
},
{
"cve": "CVE-2026-50365",
"notes": [
{
"category": "description",
"text": "An improper authentication vulnerability in the Windows RPC API allows unauthorized attackers on adjacent networks to elevate their privileges, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50365 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50365.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50365"
},
{
"cve": "CVE-2026-50426",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "A relative path traversal vulnerability in DNS Server allows an authorized attacker to execute code on a neighboring network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50426 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50426.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50426"
},
{
"cve": "CVE-2026-50427",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Content Delivery Manager allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50427 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50427.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50427"
},
{
"cve": "CVE-2026-50422",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows NTFS allows an authorized local attacker to elevate privileges by exploiting improper memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50422 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50422.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50422"
},
{
"cve": "CVE-2026-50421",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in Windows Connected User Experiences and Telemetry enables an authorized local attacker to elevate privileges by exploiting improper type handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50421 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50421.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50421"
},
{
"cve": "CVE-2026-50374",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized attacker with physical access to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50374 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50374.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50374"
},
{
"cve": "CVE-2026-50367",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "A vulnerability in the Windows Sensor Data Service involving improper handling of an indexable resource (\u0027range error\u0027) allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50367 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50367.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50367"
},
{
"cve": "CVE-2026-50383",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in Windows Print Spooler Components allows an authorized local attacker to disclose sensitive information by reading beyond intended memory boundaries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50383"
},
{
"cve": "CVE-2026-50451",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized local attacker to elevate privileges due to missing authentication controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50451 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50451.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50451"
},
{
"cve": "CVE-2026-50455",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "An authorized attacker can exploit an uninitialized resource vulnerability in the Universal Plug and Play (upnp.dll) component to locally disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50455 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50455.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50455"
},
{
"cve": "CVE-2026-50402",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "description",
"text": "An incorrect numeric type conversion vulnerability in Windows NTFS allows authorized local attackers to elevate their privileges by exploiting the flaw in the file system\u0027s handling of numeric data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50402 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50402.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50402"
},
{
"cve": "CVE-2026-50435",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in the Windows Overlay Filter allows an authorized local attacker to escalate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50435 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50435.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50435"
},
{
"cve": "CVE-2026-50409",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Windows Overlay Filter allows an authorized local attacker to expose sensitive information to unauthorized actors, potentially compromising data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50409 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50409.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50409"
},
{
"cve": "CVE-2026-50441",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "An untrusted pointer dereference vulnerability in the Windows Resilient File System (ReFS) allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50441 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50441.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50441"
},
{
"cve": "CVE-2026-50439",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Message Queuing Queue Manager allows remote attackers to execute arbitrary code over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50439 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50439.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50439"
},
{
"cve": "CVE-2026-50462",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "description",
"text": "A vulnerability in the Windows Ancillary Function Driver for WinSock enables an authorized local attacker to elevate privileges by manipulating file names or paths.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50462 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50462.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50462"
},
{
"cve": "CVE-2026-50457",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50457 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50457.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50457"
},
{
"cve": "CVE-2026-50473",
"notes": [
{
"category": "description",
"text": "An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50473 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50473.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50473"
},
{
"cve": "CVE-2026-50442",
"notes": [
{
"category": "description",
"text": "An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50442 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50442.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50442"
},
{
"cve": "CVE-2026-50389",
"notes": [
{
"category": "description",
"text": "An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50389 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50389.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50389"
},
{
"cve": "CVE-2026-50456",
"notes": [
{
"category": "description",
"text": "An authorized attacker can exploit a vulnerability in Windows File Explorer to locally disclose sensitive information, potentially compromising user data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50456 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50456.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50456"
},
{
"cve": "CVE-2026-50432",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Virtual Filtering Platform (VFP) allows an authorized attacker to trigger a network denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50432 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50432.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50432"
},
{
"cve": "CVE-2026-50461",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to execute unauthorized local code by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50461 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50461.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50461"
},
{
"cve": "CVE-2026-50431",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Windows Quality of Service (QoS) Packet Scheduler can lead to information disclosure, potentially exposing sensitive data within affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50431 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50431.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50431"
},
{
"cve": "CVE-2026-50453",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows USB Audio Class driver (usbaudio.sys) allows unauthorized attackers to disclose sensitive information via a physical attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50453 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50453.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50453"
},
{
"cve": "CVE-2026-50417",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50417 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50417.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50417"
},
{
"cve": "CVE-2026-50447",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Message Queuing allows remote attackers to execute arbitrary code over a network, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50447 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50447.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50447"
},
{
"cve": "CVE-2026-50362",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an attacker to execute unauthorized local code by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50362 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50362.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50362"
},
{
"cve": "CVE-2026-50474",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Remote Desktop Client allows unauthorized remote code execution over a network, posing significant security risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50474 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50474.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50474"
},
{
"cve": "CVE-2026-50411",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Active Directory Federation Services (AD FS) allows an unauthorized attacker to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50411 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50411.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50411"
},
{
"cve": "CVE-2026-50444",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in Windows Server Update Service allows an authorized attacker to remotely elevate privileges due to missing authentication on a critical function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50444 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50444.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50444"
},
{
"cve": "CVE-2026-50394",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Media enables an authorized local attacker to access sensitive information, potentially exposing it to unauthorized parties.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50394 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50394.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50394"
},
{
"cve": "CVE-2026-50415",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Media enables unauthorized attackers to access sensitive information over a network, potentially compromising data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50415"
},
{
"cve": "CVE-2026-50475",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in the Windows Kernel allows an authorized local attacker to access sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50475 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50475.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50475"
},
{
"cve": "CVE-2026-50476",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Windows allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50476 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50476.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50476"
},
{
"cve": "CVE-2026-50429",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Kernel allows remote attackers to disclose sensitive information over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50429 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50429.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50429"
},
{
"cve": "CVE-2026-50450",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition vulnerability in the Windows Wireless Wide Area Network Service allows an authorized local attacker to elevate privileges by exploiting improper synchronization of shared resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50450 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50450.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50450"
},
{
"cve": "CVE-2026-50470",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows Network Policy Server SNMP allows unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50470 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50470.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50470"
},
{
"cve": "CVE-2026-50477",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50477 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50477.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50477"
},
{
"cve": "CVE-2026-50478",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50478 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50478.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50478"
},
{
"cve": "CVE-2026-50479",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "An untrusted pointer dereference vulnerability in the Windows USB Hub Driver allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50479 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50479.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50479"
},
{
"cve": "CVE-2026-50482",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50482 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50482.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50482"
},
{
"cve": "CVE-2026-50495",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in Microsoft Windows DNS allows an authorized local attacker to tamper with the system, potentially compromising its integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50495 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50495.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50495"
},
{
"cve": "CVE-2026-50484",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50484 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50484.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50484"
},
{
"cve": "CVE-2026-50493",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Graphics Kernel allows an authorized local attacker to elevate privileges by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50493 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50493.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50493"
},
{
"cve": "CVE-2026-50502",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"notes": [
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "description",
"text": "A vulnerability in the Windows Event Logging Service\u0027s access control enables an authorized attacker to remotely execute code over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50502 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50502.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50502"
},
{
"cve": "CVE-2026-50485",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in Windows Hyper-V allows an authorized attacker to cause a denial of service on an adjacent network, potentially disrupting network operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50485 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50485.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50485"
},
{
"cve": "CVE-2026-50500",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Netlogon allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50500 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50500.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50500"
},
{
"cve": "CVE-2026-50499",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Print Spooler Components allows an authorized local attacker to elevate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50499 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50499.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50499"
},
{
"cve": "CVE-2026-50489",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Win32K component allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50489 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50489.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50489"
},
{
"cve": "CVE-2026-50494",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows NTFS allows an authorized attacker to execute code locally by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50494 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50494.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50494"
},
{
"cve": "CVE-2026-50490",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Installer allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50490 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50490.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50490"
},
{
"cve": "CVE-2026-50498",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "The Windows Universal Disk Format File System Driver (UDFS) contains an elevation of privilege vulnerability that could enable attackers to gain higher system privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50498 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50498.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50498"
},
{
"cve": "CVE-2026-50505",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Message Queuing allows an authorized attacker to remotely execute code over a network, posing a significant security risk to affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50505 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50505.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50505"
},
{
"cve": "CVE-2026-50491",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Code Integrity DLL (ci.dll) allows an authorized local attacker to elevate privileges on affected Windows systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50491 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50491.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50491"
},
{
"cve": "CVE-2026-50492",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows unauthorized attackers to execute arbitrary code via a physical attack vector.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50492 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50492.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50492"
},
{
"cve": "CVE-2026-50497",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "other",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "An off-by-one error in the Windows Remote Desktop Protocol allows unauthorized attackers to disclose sensitive information over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50497 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50497.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50497"
},
{
"cve": "CVE-2026-50496",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows Network Policy Server SNMP allows unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50496 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50496.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50496"
},
{
"cve": "CVE-2026-50504",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A buffer over-read vulnerability in the Remote Desktop Client allows unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50504"
},
{
"cve": "CVE-2026-50509",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in the Windows Wireless Wide Area Network Service allows an authorized local attacker to elevate privileges by processing untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50509 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50509.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50509"
},
{
"cve": "CVE-2026-57090",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows unauthorized remote code execution, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57090"
},
{
"cve": "CVE-2026-57094",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows unauthorized remote code execution, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57094 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57094.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57094"
},
{
"cve": "CVE-2026-57091",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in the Windows File History Service allows an authorized local attacker to escalate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57091 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57091.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57091"
},
{
"cve": "CVE-2026-57089",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows SMB Server Network Transport Driver (srvnet.sys) allows remote attackers to execute arbitrary code over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57089 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57089.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57089"
},
{
"cve": "CVE-2026-57085",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows Print Spooler components allows an authorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57085 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57085.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57085"
},
{
"cve": "CVE-2026-57092",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows VMSwitch component allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57092 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57092.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57092"
},
{
"cve": "CVE-2026-57087",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation allows unauthorized remote code execution, posing a critical security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57087 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57087.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57087"
},
{
"cve": "CVE-2026-57088",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Extensible Storage Engine (ESENT) allows an authorized local attacker to elevate their privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57088 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57088.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57088"
},
{
"cve": "CVE-2026-57093",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57093 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57093.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57093"
},
{
"cve": "CVE-2026-57096",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57096 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57096.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57096"
},
{
"cve": "CVE-2026-57982",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "An uninitialized resource vulnerability in Windows Remote Desktop Protocol (RDP) allows an authorized attacker to disclose sensitive information over a network connection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57982 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57982.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57982"
},
{
"cve": "CVE-2026-58528",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows USB Audio Class driver (usbaudio.sys) allows unauthorized attackers to disclose sensitive information via a physical attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58528 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58528.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58528"
},
{
"cve": "CVE-2026-58530",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows an attacker to execute unauthorized local code by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58530 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58530.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58530"
},
{
"cve": "CVE-2026-58538",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Bluetooth Service allows an authorized local attacker to elevate privileges, potentially compromising system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58538 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58538.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58538"
},
{
"cve": "CVE-2026-58533",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58533"
},
{
"cve": "CVE-2026-58535",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58535 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58535.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58535"
},
{
"cve": "CVE-2026-58546",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A vulnerability in Windows Remote Desktop Protocol (RDP) involving the use of an uninitialized resource can allow unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58546 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58546.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58546"
},
{
"cve": "CVE-2026-58539",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized attackers to disclose sensitive information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58539 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58539.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58539"
},
{
"cve": "CVE-2026-58540",
"notes": [
{
"category": "description",
"text": "An authorized attacker can exploit improper authorization in Windows Installer to locally elevate privileges, potentially gaining higher system access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58540 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58540.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58540"
},
{
"cve": "CVE-2026-58531",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows SMB caused by improper synchronization of shared resources enables an authorized attacker to elevate privileges over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58531 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58531.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58531"
},
{
"cve": "CVE-2026-58532",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in the Windows Kernel allows an authorized local attacker to escalate privileges by exploiting improper handling of integer operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58532 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58532"
},
{
"cve": "CVE-2026-58534",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Input Method Editor (IME) allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58534 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58534.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58534"
},
{
"cve": "CVE-2026-58536",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58536 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58536.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58536"
},
{
"cve": "CVE-2026-58547",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Universal Plug and Play (upnp.dll) component allows an authorized local attacker to escalate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58547"
},
{
"cve": "CVE-2026-58545",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Windows Kernel allows an authorized local attacker to bypass a security feature, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58545 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58545.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58545"
},
{
"cve": "CVE-2026-58541",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in the Windows Desktop Window Manager (DWM) enables an authorized local attacker to elevate privileges by exploiting improper type handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58541 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58541.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58541"
},
{
"cve": "CVE-2026-58594",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Windows Remote Desktop Protocol (RDP) allows unauthorized remote code execution, posing a critical security risk to affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58594 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58594.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58594"
},
{
"cve": "CVE-2026-58613",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58613 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58613.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58613"
},
{
"cve": "CVE-2026-58619",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Sensor Data Service allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58619 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58619.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58619"
},
{
"cve": "CVE-2026-58627",
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption vulnerability in the Windows DHCP Server allows unauthorized attackers to cause a denial of service on affected networks by exhausting server resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58627 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58627"
},
{
"cve": "CVE-2026-58628",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in Windows Wireless Networking caused by improper synchronization of shared resources enables an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58628 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58628.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58628"
},
{
"cve": "CVE-2026-58629",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows DirectX allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58629 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58629.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58629"
},
{
"cve": "CVE-2026-58632",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Win32K component allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58632 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58632.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58632"
},
{
"cve": "CVE-2026-58637",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Client-Side Caching (CSC) Service allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58637 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58637.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58637"
},
{
"cve": "CVE-2026-58638",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "description",
"text": "A missing cryptographic verification step in the Windows Boot Loader allows an authorized local attacker to bypass a security feature, potentially compromising system integrity during the boot process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58638 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58638.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58638"
},
{
"cve": "CVE-2026-49175",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows DNS allows an authorized local attacker to elevate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49175 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49175.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49175"
},
{
"cve": "CVE-2026-55144",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "description",
"text": "A missing cryptographic step in Windows CryptoAPI enables an authorized attacker to perform local tampering, compromising the integrity of cryptographic operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55144 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55144.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-55144"
},
{
"cve": "CVE-2026-54127",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Hyper-V allows an unauthorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54127 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54127.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54127"
},
{
"cve": "CVE-2026-50316",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "description",
"text": "A vulnerability in the Windows Kernel permits a local authorized attacker to disclose sensitive information by embedding it into a log file, potentially exposing confidential data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50316 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50316"
},
{
"cve": "CVE-2026-50381",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "description",
"text": "A type confusion vulnerability in the Composite Image File System Driver allows an authorized local attacker to disclose sensitive information by exploiting improper type handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50381 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50381.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50381"
},
{
"cve": "CVE-2026-50302",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "A vulnerability in Windows Cryptographic Services due to improper certificate validation allows remote attackers to bypass security mechanisms, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50302"
},
{
"cve": "CVE-2026-50360",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"notes": [
{
"category": "other",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "description",
"text": "An incorrect implementation of the authentication algorithm in Windows SMB Server allows an authorized attacker to remotely elevate privileges, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50360 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50360.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50360"
},
{
"cve": "CVE-2026-50434",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Push Notifications allows an authorized local attacker to disclose sensitive information by exposing data to unauthorized actors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50434 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50434.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50434"
},
{
"cve": "CVE-2026-50418",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Windows operating system allows a local attacker to bypass security mechanisms without authorization, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50418"
},
{
"cve": "CVE-2026-50423",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Windows Kernel allows a local authorized attacker to elevate privileges, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50423 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50423.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50423"
},
{
"cve": "CVE-2026-50399",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50399"
},
{
"cve": "CVE-2026-50459",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows unauthorized local attackers to escalate privileges by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50459 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50459.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50459"
},
{
"cve": "CVE-2026-50682",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows Active Directory allows an authorized attacker to cause a denial of service over a network, potentially disrupting directory services.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50682 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50682.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50682"
},
{
"cve": "CVE-2026-56168",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A null pointer dereference vulnerability in the Windows SMB Server allows an authorized attacker to cause a denial of service over a network, impacting system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56168 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56168"
},
{
"cve": "CVE-2026-56184",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Windows Win32K component allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56184 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56184"
},
{
"cve": "CVE-2026-54124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Windows Terminal allows an attacker to execute unauthorized local code, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54124 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54124.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54124"
},
{
"cve": "CVE-2026-58527",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58527 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58527.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58527"
},
{
"cve": "CVE-2026-58626",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Remote Desktop Services allows an authorized attacker to remotely execute code over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58626"
},
{
"cve": "CVE-2026-50293",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Internal Task Bar allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50293 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50293.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50293"
},
{
"cve": "CVE-2026-50350",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Windows Trusted Runtime Interface Driver permits an authorized local attacker to expose sensitive information to unauthorized parties, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50350 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50350.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50350"
},
{
"cve": "CVE-2026-50364",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "An improper link resolution vulnerability in Windows Server Backup allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50364 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50364.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50364"
},
{
"cve": "CVE-2026-50326",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Unified Consent System allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50326 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50326.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50326"
},
{
"cve": "CVE-2026-50425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Internal System User Profile allows an authorized attacker to perform local privilege escalation by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50425"
},
{
"cve": "CVE-2026-50406",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Backup Engine allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50406 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50406.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50406"
},
{
"cve": "CVE-2026-50486",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50486 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50486.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50486"
},
{
"cve": "CVE-2026-48572",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows App Installer involving concurrent execution with improper synchronization allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-48572 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48572.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-48572"
},
{
"cve": "CVE-2026-48571",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows App Installer allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-48571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-48571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-48571"
},
{
"cve": "CVE-2026-49162",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Microsoft Brokering File System allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49162 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49162.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49162"
},
{
"cve": "CVE-2026-49166",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Printer Drivers allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49166 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49166.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49166"
},
{
"cve": "CVE-2026-49169",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the DNS Server allows an authorized attacker to remotely execute code over a network, posing significant security risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49169 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49169.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49169"
},
{
"cve": "CVE-2026-54990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Remote Desktop Client enables unauthorized attackers to execute arbitrary code remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54990"
},
{
"cve": "CVE-2026-55000",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows USB Print Driver allows an unauthorized attacker with physical access to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55000 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55000.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-55000"
},
{
"cve": "CVE-2026-54111",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in the Windows USB Print Driver due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54111 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54111.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54111"
},
{
"cve": "CVE-2026-54991",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in the Windows USB Print Driver due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54991 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54991.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54991"
},
{
"cve": "CVE-2026-54996",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in the Windows USB Print Driver due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54996 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54996.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54996"
},
{
"cve": "CVE-2026-58602",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel Mode Driver allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58602 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58602.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58602"
},
{
"cve": "CVE-2026-44800",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows Push Notifications due to improper synchronization of shared resources allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44800 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44800.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-44800"
},
{
"cve": "CVE-2026-49802",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in the Windows USB Print Driver\u0027s management of shared resources enables an authorized local attacker to escalate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49802"
},
{
"cve": "CVE-2026-49806",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in the Windows USB Print Driver\u0027s management of shared resources enables an authorized local attacker to escalate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49806 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49806.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49806"
},
{
"cve": "CVE-2026-50323",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50323 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50323.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50323"
},
{
"cve": "CVE-2026-49808",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in the Windows Kernel due to improper synchronization during concurrent access to shared resources enables an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49808 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49808.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49808"
},
{
"cve": "CVE-2026-50295",
"notes": [
{
"category": "description",
"text": "An improper privilege management vulnerability in Microsoft Windows DNS allows an authorized local attacker to bypass a security feature, potentially impacting system security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50295 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50295.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50295"
},
{
"cve": "CVE-2026-50305",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Brokering File System allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50305"
},
{
"cve": "CVE-2026-50392",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Secure Kernel Mode allows an authorized local attacker to elevate privileges by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50392 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50392.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50392"
},
{
"cve": "CVE-2026-50393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Kernel-Mode Drivers allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50393 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50393.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50393"
},
{
"cve": "CVE-2026-50327",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Media allows an authorized local attacker to execute arbitrary code, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50327 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50327.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50327"
},
{
"cve": "CVE-2026-50396",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Kernel-Mode Drivers allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50396 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50396.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50396"
},
{
"cve": "CVE-2026-50315",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A null pointer dereference vulnerability in Windows Image Acquisition allows an authorized local attacker to elevate privileges by exploiting improper handling of pointer references.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50315 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50315.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50315"
},
{
"cve": "CVE-2026-50345",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50345 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50345.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50345"
},
{
"cve": "CVE-2026-50322",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50322 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50322.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50322"
},
{
"cve": "CVE-2026-50361",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "A double free vulnerability in the Microsoft Brokering File System allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50361 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50361.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50361"
},
{
"cve": "CVE-2026-50317",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows OS shared resources caused by improper synchronization allows authorized local users to escalate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50317 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50317.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50317"
},
{
"cve": "CVE-2026-50340",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Runtime allows an authorized attacker to remotely elevate privileges over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50340 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50340.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50340"
},
{
"cve": "CVE-2026-50416",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Windows Win32K component allows an authorized local attacker to disclose sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50416 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50416.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50416"
},
{
"cve": "CVE-2026-50353",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows DirectX allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50353 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50353.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50353"
},
{
"cve": "CVE-2026-50398",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Media\u0027s concurrent execution with shared resources enables an authorized attacker to elevate privileges remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50398 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50398.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50398"
},
{
"cve": "CVE-2026-50414",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Media\u0027s concurrent execution with shared resources enables an authorized attacker to elevate privileges remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50414 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50414.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50414"
},
{
"cve": "CVE-2026-50403",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50403 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50403.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50403"
},
{
"cve": "CVE-2026-50436",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50436 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50436.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50436"
},
{
"cve": "CVE-2026-50454",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "A relative path traversal vulnerability in the Windows User Interface Core allows an authorized local attacker to elevate privileges by exploiting improper path handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50454 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50454.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50454"
},
{
"cve": "CVE-2026-50385",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50385 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50385.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50385"
},
{
"cve": "CVE-2026-50413",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Runtime allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50413 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50413.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50413"
},
{
"cve": "CVE-2026-50466",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Brokering File System allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50466 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50466.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50466"
},
{
"cve": "CVE-2026-50465",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in Microsoft Windows DNS allows an authorized local attacker to tamper with the system, potentially compromising its integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50465 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50465.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50465"
},
{
"cve": "CVE-2026-50420",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows HTTP.sys allows unauthorized local attackers to access sensitive information, potentially compromising system confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50420 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50420.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50420"
},
{
"cve": "CVE-2026-50458",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Brokering File System allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50458 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50458.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50458"
},
{
"cve": "CVE-2026-50424",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "An untrusted pointer dereference vulnerability in Windows Domain Controller allows unauthorized attackers to cause a denial of service over a network, impacting system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50424 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50424.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50424"
},
{
"cve": "CVE-2026-50483",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Microsoft Graphics Component allows an authorized local attacker to disclose sensitive information, potentially compromising data confidentiality within affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50483 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50483.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50483"
},
{
"cve": "CVE-2026-50487",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Windows DNS allows remote attackers to elevate privileges over a network by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50487 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50487"
},
{
"cve": "CVE-2026-50488",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "An authorized attacker can locally elevate privileges on Windows systems due to improper neutralization of special elements in command injection within the Clipboard User Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50488 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50488.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50488"
},
{
"cve": "CVE-2026-50501",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in the Windows Resilient File System (ReFS) allows unauthorized local code execution, posing a critical security risk to affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50501 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50501.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50501"
},
{
"cve": "CVE-2026-50503",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in Windows Runtime caused by improper synchronization of shared resources allows a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50503 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50503.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50503"
},
{
"cve": "CVE-2026-50674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows USB Print Driver allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50674 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50674.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50674"
},
{
"cve": "CVE-2026-50679",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Microsoft Windows Search Component allows an authorized local attacker to escalate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50679 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50679.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50679"
},
{
"cve": "CVE-2026-50687",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50687 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50687.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50687"
},
{
"cve": "CVE-2026-58537",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58537 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58537.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58537"
},
{
"cve": "CVE-2026-58544",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Management Services allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58544 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58544.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58544"
},
{
"cve": "CVE-2026-58542",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Media allows attackers to execute unauthorized local code by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58542 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58542.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58542"
},
{
"cve": "CVE-2026-58543",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in the Windows USB Print Driver\u0027s management of shared resources allows an authorized user with physical access to escalate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58543 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58543.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58543"
},
{
"cve": "CVE-2026-56181",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "other",
"text": "Origin Validation Error",
"title": "CWE-346"
},
{
"category": "description",
"text": "A vulnerability in Windows Network Address Translation (NAT) origin validation allows unauthorized attackers to spoof adjacent networks, potentially compromising network security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56181 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56181.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56181"
},
{
"cve": "CVE-2026-50342",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in the Windows MIDI Service Module allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50342 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50342.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50342"
},
{
"cve": "CVE-2026-50440",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition in the Windows Audio Service caused by improper synchronization of shared resources enables a local authorized attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50440 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50440.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50440"
},
{
"cve": "CVE-2026-50404",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Media\u0027s shared resource management allows an authorized local attacker to elevate privileges due to improper synchronization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50404 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50404.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50404"
},
{
"cve": "CVE-2026-50336",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows Media allows an authorized local attacker to escalate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50336 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50336.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50336"
},
{
"cve": "CVE-2026-50379",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Media\u0027s concurrent execution with shared resources enables an authorized attacker to elevate privileges remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50379 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50379.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50379"
},
{
"cve": "CVE-2026-50676",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition vulnerability in Windows Media\u0027s shared resource management allows an authorized local attacker to elevate privileges due to improper synchronization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50676 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50676.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50676"
},
{
"cve": "CVE-2026-50677",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Media allows an authorized local attacker to elevate privileges by exploiting improper memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50677 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50677"
},
{
"cve": "CVE-2026-56183",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows MIDI Service Module allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56183 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56183.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56183"
},
{
"cve": "CVE-2026-56187",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows MIDI Service Module allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56187 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56187.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56187"
},
{
"cve": "CVE-2026-49173",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49173 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49173.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49173"
},
{
"cve": "CVE-2026-50428",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in the Windows Container Isolation FS Filter Driver (unionfs.sys) allows an authorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50428"
},
{
"cve": "CVE-2026-58633",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58633 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58633.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58633"
},
{
"cve": "CVE-2026-58634",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Desktop Window Manager allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58634 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58634"
},
{
"cve": "CVE-2026-58529",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose sensitive information over a network, potentially compromising data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58529.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58529"
},
{
"cve": "CVE-2026-50480",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Windows WPAD allows an authorized local attacker to elevate privileges by exploiting memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50480 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50480.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50480"
},
{
"cve": "CVE-2026-56169",
"notes": [
{
"category": "description",
"text": "An improper authentication vulnerability in Windows Admin Center allows an authorized attacker to elevate privileges remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56169 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56169.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56169"
},
{
"cve": "CVE-2026-56185",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Improper authentication in Windows Admin Center enables an authorized attacker to disclose sensitive information over a network, posing a security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56185 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56185.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56185"
},
{
"cve": "CVE-2026-57107",
"notes": [
{
"category": "description",
"text": "Improper authentication in Windows Admin Center allows an authorized attacker to locally elevate privileges, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-57107 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57107.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-57107"
},
{
"cve": "CVE-2026-58631",
"notes": [
{
"category": "description",
"text": "An improper authorization vulnerability in Windows Admin Center allows an authorized attacker to execute code locally, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58631 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58631.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-58631"
},
{
"cve": "CVE-2026-56196",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "A relative path traversal vulnerability in Windows Admin Center allows an authorized attacker to remotely execute code over a network, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56196 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56196.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56196"
},
{
"cve": "CVE-2026-56197",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "An authorized attacker can exploit improper neutralization of special elements in Windows Admin Center to perform remote code execution via command injection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-56197 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56197.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-56197"
},
{
"cve": "CVE-2026-55014",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in Windows Remote Help Defense allows an authorized attacker to locally elevate privileges, potentially compromising system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-55014"
},
{
"cve": "CVE-2026-42982",
"cwe": {
"id": "CWE-1288",
"name": "Improper Validation of Consistency within Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Consistency within Input",
"title": "CWE-1288"
},
{
"category": "description",
"text": "An improper validation of input consistency in Windows Secure Kernel Mode enables an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42982 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42982.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-42982"
},
{
"cve": "CVE-2026-34349",
"notes": [
{
"category": "description",
"text": "A vulnerability in Windows Media allows an authorized local attacker to expose sensitive information to unauthorized users through local disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34349 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34349.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-34349"
},
{
"cve": "CVE-2026-34346",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "description",
"text": "A vulnerability in the Windows Ancillary Function Driver for WinSock allows an authorized local attacker to disclose sensitive information due to cleartext transmission.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34346 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34346.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-34346"
},
{
"cve": "CVE-2026-42900",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition due to improper synchronization in the Windows App Store allows unauthorized attackers to elevate privileges remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-42900"
},
{
"cve": "CVE-2026-42975",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Bluetooth Port Driver enables unauthorized attackers to execute arbitrary code over an adjacent network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42975 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42975.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-42975"
},
{
"cve": "CVE-2026-42990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the SQL Server ODBC driver enables unauthorized attackers to execute arbitrary code remotely over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-42990"
},
{
"cve": "CVE-2026-49164",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Active Directory Domain Services enables unauthorized remote code execution over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49164"
},
{
"cve": "CVE-2026-49165",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A use of uninitialized resource vulnerability in Microsoft Windows App Store allows an authorized local attacker to disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49165 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49165.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49165"
},
{
"cve": "CVE-2026-49167",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Windows Kernel allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49167 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49167.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49167"
},
{
"cve": "CVE-2026-49168",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "An integer overflow vulnerability in Windows Storage Spaces Direct allows an unauthorized attacker with physical access to elevate privileges by exploiting wraparound behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49168 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49168"
},
{
"cve": "CVE-2026-49170",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"notes": [
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "description",
"text": "An insufficient granularity of access control in the Windows StateRepository API allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49170 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49170"
},
{
"cve": "CVE-2026-49171",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use after free vulnerability in Microsoft Windows Speech allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49171 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49171.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49171"
},
{
"cve": "CVE-2026-49176",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "Improper privilege management in the Windows WalletService component allows an authorized local attacker to elevate their privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49176 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49176"
},
{
"cve": "CVE-2026-49172",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows FTP Service enables unauthorized remote attackers to execute arbitrary code over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49172 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49172"
},
{
"cve": "CVE-2026-49174",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A missing authentication vulnerability in a critical function of Microsoft Windows DNS allows an authorized attacker to perform local tampering.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49174"
},
{
"cve": "CVE-2026-49177",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Windows TCP/IP allows an authorized local attacker to disclose sensitive information by exploiting improper memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49177 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49177.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49177"
},
{
"cve": "CVE-2026-49784",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition due to improper synchronization in the Microsoft Windows App Store allows an authorized attacker to locally elevate privileges, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-49784 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-49784.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-49784"
},
{
"cve": "CVE-2026-54983",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Active Directory Federation Services (AD FS) enables an unauthorized attacker to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54983 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54983.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54983"
},
{
"cve": "CVE-2026-50695",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability in Active Directory Federation Services enables an unauthorized attacker to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50695 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50695.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50695"
},
{
"cve": "CVE-2026-54129",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Windows Hyper-V allows an authorized local attacker to elevate privileges by exploiting improper memory handling within the virtualization component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54129 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54129.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54129"
},
{
"cve": "CVE-2026-54989",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in the Quality Windows Audio/Video Experience (QWAVE) service allows an authorized local attacker to elevate privileges on affected Windows systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54989"
},
{
"cve": "CVE-2026-54987",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Overlay Filter allows an authorized local attacker to elevate privileges on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54987"
},
{
"cve": "CVE-2026-50696",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Internet Key Exchange (IKE) Protocol enables unauthorized attackers to cause a denial of service over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50696 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50696.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50696"
},
{
"cve": "CVE-2026-50697",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Windows Common Log File System Driver allows an authorized local attacker to expose sensitive information and elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50697 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50697.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-50697"
},
{
"cve": "CVE-2026-54132",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Kernel allows an unauthorized attacker with physical access to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54132 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54132.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54132"
},
{
"cve": "CVE-2026-54107",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition due to improper synchronization in the Windows Win32K component allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54107 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54107.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54107"
},
{
"cve": "CVE-2026-54986",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the Windows Win32K component allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54986 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54986.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54986"
},
{
"cve": "CVE-2026-54993",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Windows Media Foundation enables unauthorized local code execution by an attacker.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54993 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54993.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54993"
},
{
"cve": "CVE-2026-55001",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Improper certificate validation in Windows Active Directory allows an authorized attacker to locally elevate privileges by exploiting certificate handling flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55001 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55001.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-55001"
},
{
"cve": "CVE-2026-54112",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A race condition due to improper synchronization in the Windows Win32K component allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-54112 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54112.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-54112"
},
{
"cve": "CVE-2026-55004",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "A double free vulnerability in Microsoft Printer Drivers allows an authorized local attacker to elevate privileges by exploiting improper memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55004 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55004.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-55004"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.