CVE-2026-45472

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability

...

CVE-2026-45469

CVE-2026-45469 affects Microsoft Excel (Office) and is caused by an integer underflow/wraparound in Excel. The vulnerability can allow a local attacker to execute code on the affected system; the CVSS indicates LOCAL access, required user interaction, and high impact to confidentiality, integrity...

CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVE-2026-49959

Hermes WebUI prior to 0.51.311 is affected by a remote code execution vulnerability. Authenticated attackers can trigger arbitrary commands by placing a malicious executable Git configuration in a workspace repo’s .git/config. The issue arises from Git subprocess invocations in api/workspace_git....

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963 , the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution RCE o...

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem...

Exploit for CVE-2017-20251

CVE-2017-20251: Insert PHP Plugin PHP Code Injection Vulne...

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

CVE-2026-24180

CVE-2026-24180 affects NVIDIA DALI. The bulletin and CVE list describe a heap-based buffer overflow in a DALI component that could enable code execution, data tampering, denial of service, and information disclosure. Affected versions are 0.0–2.0, with the security update addressing this issue in...

CVE-2026-24180

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24180

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24181

CVE-2026-24181 affects NVIDIA DALI. The issue is due to improper index validation in a component, enabling a local attacker with low privileges and user interaction to potentially cause code execution, data tampering, DoS, or information disclosure. NVIDIA’s security bulletin confirms the vulnera...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...