tag
LPE
High
System Informer phsvc Trusted-Host Confused Deputy LPE
None assigned as of 2026-07-03·
System Informer (Process Hacker successor), phsvc helper process
unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03·
AnyDesk for Windows 9.7.6
unpatched
High
Linux Kernel act_pedit Partial COW Page-Cache LPE (CVE-2026-46331)
CVE-2026-46331·
Linux Kernel — net/sched/act_pedit (traffic control packet editing)
unpatched
High
Claude Desktop Cowork VM Image Integrity Bypass / Local Persistence (CVE-2026-7574)
CVE-2026-7574·
Anthropic Claude Desktop — Cowork feature
unpatched
High
Windows CTFMON Arbitrary Section Object EoP — GreenPlasma (CVE-2026-45586)
CVE-2026-45586·
Windows Collaborative Translation Framework (CTFMON service)
patched
High
DirtyClone — Linux Kernel LPE via Cloned Packet Page-Cache Overwrite (CVE-2026-43503)
CVE-2026-43503·
Linux kernel (netfilter TEE / __pskb_copy_fclone())
patched
High
CVE-2026-50656 RoguePlanet — Safe Vulnerability Checker (Resurface)
CVE-2026-50656·
Microsoft Malware Protection Engine (mpengine.dll, MsMpEng.exe)
patched
High
RoguePlanet — Windows Defender LPE via ISO Mount + Task Scheduler Race Condition
CVE-2026-50656·
Microsoft Windows Defender / Windows Error Reporting Task Scheduler
unpatched
High
ssh-keysign-pwn: pidfd_getfd FD Theft via mm-NULL Exit Window (CVE-2026-46333)
CVE-2026-46333·
Linux kernel plus privileged userland binaries (ssh-keysign, chage)
patched
High
PinTheft: RDS Double-Free → LPE
Linux kernel (RDS subsystem + io_uring)
unpatched
Critical
TossUp — TerraMaster TOS Unauthenticated Redis Root RCE + NFS LPE
N/A (vendor confirmed TOS4 is EOL; no fix planned)·
TerraMaster TOS3_A1.0 4.2.41, Redis 4.0.10
unpatched
High
DirtyDecrypt / DirtyCBC — rxgk Page-Cache Write (Dirty Pipe Variant)
N/A (reported as duplicate by kernel maintainers; patched on mainline)·
Linux kernel — net/rxrpc (rxgk_decrypt_skb)
unpatched
High
Linux vsock Use-After-Free VM Escape (CVE-2025-21756)
CVE-2025-21756·
Linux kernel (vsock / virtual socket subsystem)
patched
High
Linux nf_tables Use-After-Free Local Privilege Escalation (CVE-2024-1086)
CVE-2024-1086·
Linux kernel (netfilter nf_tables subsystem)
patched
High
Copy Fail Linux Kernel Local Privilege Escalation (CVE-2026-31431)
CVE-2026-31431·
Linux kernel (crypto / AF_ALG AEAD path)
unpatched
High
RedSun Privileged File Write (CVE-2026-33825)
CVE-2026-33825·
Microsoft Defender Antivirus (real-time protection) on Windows with Cloud Files APIs
patched
High
MiniPlasma - Windows Cloud Files Mini Filter Driver LPE (CVE-2020-17103)
CVE-2020-17103·
Windows Cloud Files Mini Filter Driver (cldflt.sys) / cldapi.dll
unpatched
High
CVE-2024-21338 — Local Privilege Escalation from Admin to Kernel
CVE-2024-21338·
Microsoft Windows AppLocker driver path (\\Device\\AppID)
patched
High
BlueHammer Defender Local Privilege Escalation (CVE-2026-33825)
CVE-2026-33825·
Microsoft Defender Antivirus update/scan workflow on Windows
patched
High
Linux XFRM ESP-in-TCP Local Privilege Escalation (Fragnesia)
CVE-2026-46300·
Linux kernel (XFRM ESP-in-TCP subsystem)
unpatched
Critical
Dirty Frag: Linux XFRM/RxRPC Page Cache Write Chain LPE
CVE-2026-43500, CVE-2026-43284·
Linux kernel
patched