219617 matches found
EUVD-2026-29680
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
EUVD-2026-29657
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
EUVD-2026-29677
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
EUVD-2026-29647
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
EUVD-2026-29635
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
EUVD-2026-29652
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
EUVD-2026-29574
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
EUVD-2026-29575
Improper access control in Windows Filtering Platform WFP allows an authorized attacker to bypass a security feature locally...
EUVD-2026-29581
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally...
EUVD-2026-29536
Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...
CVE-2026-44277
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests...
CVE-2026-44279
An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI...
CVE-2026-42823
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...
CVE-2026-42832
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally...
CVE-2026-42300
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...
CVE-2026-41614
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
CVE-2026-41107
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
CVE-2026-41102
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally...
CVE-2026-41101
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...
CVE-2026-41100
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...