PoC Archive

Tag: LPE

High
System Informer phsvc Trusted-Host Confused Deputy LPE
None assigned as of 2026-07-03 · System Informer (Process Hacker successor), phsvc helper process · unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03 · AnyDesk for Windows 9.7.6 · unpatched
High
Linux Kernel act_pedit Partial COW Page-Cache LPE (CVE-2026-46331)
CVE-2026-46331 · Linux Kernel — net/sched/act_pedit (traffic control packet editing) · unpatched
High
Claude Desktop Cowork VM Image Integrity Bypass / Local Persistence (CVE-2026-7574)
CVE-2026-7574 · Anthropic Claude Desktop — Cowork feature · unpatched
High
Windows CTFMON Arbitrary Section Object EoP — GreenPlasma (CVE-2026-45586)
CVE-2026-45586 · Windows Collaborative Translation Framework (CTFMON service) · patched
High
DirtyClone — Linux Kernel LPE via Cloned Packet Page-Cache Overwrite (CVE-2026-43503)
CVE-2026-43503 · Linux kernel (netfilter TEE / __pskb_copy_fclone()) · patched
High
CVE-2026-50656 RoguePlanet — Safe Vulnerability Checker (Resurface)
CVE-2026-50656 · Microsoft Malware Protection Engine (mpengine.dll, MsMpEng.exe) · patched
High
RoguePlanet — Windows Defender LPE via ISO Mount + Task Scheduler Race Condition
CVE-2026-50656 · Microsoft Windows Defender / Windows Error Reporting Task Scheduler · unpatched
High
ssh-keysign-pwn: pidfd_getfd FD Theft via mm-NULL Exit Window (CVE-2026-46333)
CVE-2026-46333 · Linux kernel plus privileged userland binaries (ssh-keysign, chage) · patched
High
PinTheft: RDS Double-Free → LPE
Linux kernel (RDS subsystem + io_uring) · unpatched
Critical
TossUp — TerraMaster TOS Unauthenticated Redis Root RCE + NFS LPE
N/A (vendor confirmed TOS4 is EOL; no fix planned) · TerraMaster TOS3_A1.0 4.2.41, Redis 4.0.10 · unpatched
High
DirtyDecrypt / DirtyCBC — rxgk Page-Cache Write (Dirty Pipe Variant)
N/A (reported as duplicate by kernel maintainers; patched on mainline) · Linux kernel — net/rxrpc (rxgk_decrypt_skb) · unpatched
High
Linux vsock Use-After-Free VM Escape (CVE-2025-21756)
CVE-2025-21756 · Linux kernel (vsock / virtual socket subsystem) · patched
High
Linux nf_tables Use-After-Free Local Privilege Escalation (CVE-2024-1086)
CVE-2024-1086 · Linux kernel (netfilter nf_tables subsystem) · patched
High
Copy Fail Linux Kernel Local Privilege Escalation (CVE-2026-31431)
CVE-2026-31431 · Linux kernel (crypto / AF_ALG AEAD path) · unpatched
High
RedSun Privileged File Write (CVE-2026-33825)
CVE-2026-33825 · Microsoft Defender Antivirus (real-time protection) on Windows with Cloud Files APIs · patched
High
MiniPlasma - Windows Cloud Files Mini Filter Driver LPE (CVE-2020-17103)
CVE-2020-17103 · Windows Cloud Files Mini Filter Driver (cldflt.sys) / cldapi.dll · unpatched
High
CVE-2024-21338 — Local Privilege Escalation from Admin to Kernel
CVE-2024-21338 · Microsoft Windows AppLocker driver path (\Device\AppID) · patched
High
BlueHammer Defender Local Privilege Escalation (CVE-2026-33825)
CVE-2026-33825 · Microsoft Defender Antivirus update/scan workflow on Windows · patched
High
Linux XFRM ESP-in-TCP Local Privilege Escalation (Fragnesia)
CVE-2026-46300 · Linux kernel (XFRM ESP-in-TCP subsystem) · unpatched
Critical
Dirty Frag: Linux XFRM/RxRPC Page Cache Write Chain LPE
CVE-2026-43500, CVE-2026-43284 · Linux kernel · patched