Certain HP DeskJet All In One (AIO) Devices – Potential Remote Code Execution & Potential Buffer Overflow
Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. As a temporary mitigation measure for the buffer overflow vulnerability,...
GHSA-W5XJ-99CG-RCCM Decidim amendments can be accepted or rejected by anyone
Impact: The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...
CVE-2026-27282
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires us...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
CVE-2026-26171
A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features. Mitigation: Mitigation for this issue is either not available or th...
EUVD-2026-22455
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally...
EUVD-2026-22369
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally...
EUVD-2026-22350
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...
CVE-2026-32225
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-26143
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-23670
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally...
CVE-2026-20928
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-32225
CVE-2026-32225 pertains to a Windows Shell security feature bypass. The entry indicates a remote-accessible vulnerability with NETWORK attack vector, requiring user interaction, and impacts confidentiality, integrity, and availability (all HIGH). The CVSSv3.1 base score is 8.8 (HIGH) with an Offi...
CVE-2026-32225 Windows Shell Security Feature Bypass Vulnerability
...
CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability
...
CVE-2026-32088
CVE-2026-32088 describes a security feature bypass in the Windows Biometric Service. Affected component: Windows Biometric Framework service on Windows. The underlying root cause is not explicitly detailed in the provided documents. CVSS metrics indicate an attacker with physical access can explo...
CVE-2026-27913
Technical details of CVE-2026-27913 are not provided in the supplied documents. Monitor for updates from Microsoft and CVE records for affected components, impact, and mitigations.