MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-50398 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network. | 8.8 | 0.47% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50385 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | 8.8 | 0.19% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50382 | Untrusted pointer dereference in Windows DirectX allows an authorized attacker to execute code locally. | 8.8 | 0.28% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50379 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network. | 7.5 | 0.36% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50378 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Key Guard allows an authorized attacker to elevate privileges locally. | 7.8 | 0.24% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50376 | Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network. | 6.5 | 0.89% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50371 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows LUAFV allows an authorized attacker to elevate privileges locally. | 7.0 | 0.19% | 2026-07-14 | 2026-07-14 |
| CVE-2026-50369 | Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network. | 8.8 | 0.65% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50367 | Incorrect access of indexable resource ('range error') in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | 7.8 | 0.24% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50361 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.8 | 0.19% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50348 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network. | 7.0 | 0.33% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50345 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | 7.0 | 0.19% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50337 | Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally. | 7.8 | 0.32% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50322 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | 7.0 | 0.19% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50321 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally. | 7.8 | 0.19% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50317 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally. | 7.8 | 0.24% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50305 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.8 | 0.19% | 2026-07-14 | 2026-07-16 |
| CVE-2026-4018 | TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel. | 6.4 | 0.09% | 2026-07-14 | 2026-07-15 |
| CVE-2026-45077 | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by default and processes each received frame with unserialize(base64_decode($message)) without authentication, integrity checks, or an allowed_classes allowlist, allowing any reachable host to submit attacker-chosen serialized PHP payloads that can crash the li | 8.3 | 0.45% | 2026-07-14 | 2026-07-15 |
| CVE-2026-58636 | Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally. | 7.8 | 0.27% | 2026-07-14 | 2026-07-16 |