privilege escalation

A newly disclosed flaw in Windows Admin Center (WAC) creates a dangerous escalation path from low‑privileged, authenticated users to the administrative context that runs the management plane — a weakness that demands immediate action from anyone who runs WAC in production. The vulnerability...

A newly disclosed flaw in Windows Admin Center (WAC) — tracked as CVE‑2026‑26119 and carrying a CVSS score reported as 8.8 — creates a real and immediate risk: an authenticated but low‑privileged user could escalate their privileges across an enterprise management plane and inherit the authority...

The widely used network diagnostic utility mtr contains a dangerous privilege‑context bug that can allow an attacker to control which program is executed via an environment variable, resulting in privileged execution and serious availability and integrity risks on affected systems. The flaw is...

A denial-of-service weakness in the MySQL Server’s InnoDB/optimizer paths lets a high‑privileged, network‑connected actor repeatedly hang or crash the server process, causing sustained or persistent loss of availability for affected MySQL installations. Background / Overview MySQL remains a...

A deep, exploitable buffer overflow in the GNU C Library’s dynamic loader — triggered by specially crafted GLIBC_TUNABLES environment values — lets local attackers escalate to root on many mainstream Linux distributions unless systems are patched or mitigated. Background / Overview The GNU C...

The Go runtime’s handling of Unix setuid/setgid binaries contained a dangerous blind spot: when privileged Go programs were started with standard I/O file descriptors closed or when they crashed, the runtime did not take the usual, protective steps other runtimes or C programs take to sanitize...

The Linux kernel vulnerability tracked as CVE-2010-0291 — widely discussed at the time as the “do_mremap() mess” or the “mremap/mmap mess” — allowed an unprivileged local user to crash a system or, in some exploit scenarios, escalate to kernel privileges by abusing the kernel’s mmap/mremap logic...

A newly cataloged elevation‑of‑privilege issue affecting Windows Admin Center (WAC) — tracked under CVE‑2026‑26119 in Microsoft’s Security Update Guide — exposes a dangerous trust‑model failure in WAC’s management‑plane components that can let a local, low‑privilege user escalate to...

Millions of Windows 10 users are being urged to act now after security researchers and national incident response teams flagged a pair of escalating threats: a widespread fake browser update campaign delivering remote-access malware and an ongoing stream of high‑severity Windows vulnerabilities...

Siemens has released fixes for two high‑severity local privilege‑escalation flaws in its SINEC NMS family that allow a low‑privileged local user to modify configuration data in a way that forces the product to load attacker‑controlled DLLs — a classic uncontrolled search path (DLL hijack)...

Microsoft’s tracking entry for CVE-2026-21237 lists a new Windows Subsystem for Linux (WSL) elevation-of-privilege issue that every Windows administrator and security team should treat as a priority for triage—even if the public technical detail set is intentionally sparse at the moment...

Microsoft’s Security Update Guide records CVE‑2026‑21245 as a Windows kernel elevation‑of‑privilege issue — a classic local attack surface that can let a low‑privileged user or process gain SYSTEM rights — and the vendor’s terse advisory pairs the entry with its confidence/technical‑detail...

Microsoft has assigned CVE-2026-21522 to a newly disclosed elevation-of-privilege flaw affecting Azure Container Instances (ACI) Confidential Containers, warning that an attacker with access inside a confidential guest could potentially escalate privileges and interact with host-level resources...

Microsoft’s security database lists CVE-2026-21234 as an elevation‑of‑privilege issue tied to the Windows Connected Devices Platform Service (CDPSvc), and the entry highlights the vendor’s report confidence metric — a signal security teams must parse carefully when prioritizing remediation and...

Microsoft’s advisory entry for CVE‑2026‑24302 identifies an elevation‑of‑privilege weakness affecting Azure Arc / Azure Connected Machine (azcmagent) components, but public technical details remain intentionally sparse; defenders must therefore treat the advisory as urgent while mapping the CVE...

Microsoft’s attempt to make privilege elevation in Windows 11 a true security boundary ran into a harsh reality check: decades of legacy kernel behavior are hard to rewrite safely. Google Project Zero’s James Forshaw exposed multiple privilege‑escalation bypasses against the new Administrator...

Google Project Zero’s James Forshaw has pulled back the curtain on a subtle, multistage weakness that could have let attackers sidestep Microsoft’s new Administrator Protection model and silently obtain administrator privileges — and the discovery exposes how decades-old Windows behaviors can...

CVE-2026-21227 — Azure Logic Apps path traversal (Elevation of Privilege): what you need to know, how it works, and how to defend (feature analysis) Summary (TL;DR) Microsoft’s Security Update Guide lists CVE-2026-21227: an Azure Logic Apps vulnerability described as an improper limitation of a...

Microsoft’s advisory for CVE-2026-24304 identifies an elevation-of-privilege vulnerability in Azure Resource Manager that carries outsized operational risk because of the component’s role in the Azure management plane, but public technical detail is intentionally limited and the vendor’s...

Weintek’s cMT X Series HMI EasyWeb Service has been flagged in a coordinated advisory for two high-impact web‑interface vulnerabilities — CVE‑2025‑14750 and CVE‑2025‑14751 — that together allow a low‑privileged local or network user to alter assumed‑immutable web parameters, manipulate...