CVE-2026-42443

NanaZip (open source archiver) contains a local-denial bug in its UFS/UFS2 filesystem image parser. From versions 5.0.1252.0 up to before 6.0.1698.0, an integer divide-by-zero occurs when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is zero. The parser...

CVE-2026-42442 NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

EUVD-2026-29787

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

EUVD-2026-29667

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

EUVD-2026-29659

Integer underflow wrap or wraparound in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

EUVD-2026-29599

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally...

EUVD-2026-29510

The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...

CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

CVE-2026-34340

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVE-2026-40397

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

CVE-2026-40397

CVE-2026-40397 describes an integer underflow (wrap/wraparound) in the Windows Common Log File System Driver that enables a locally authenticated attacker to elevate privileges. The description indicates a local, privileges-required (low), no user interaction vulnerability with high impact to con...

CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

CVE-2026-34340

CVE-2026-34340 : Use-after-free in the Windows Projected File System can allow an authorized local attacker to elevate privileges. The provided documents identify the affected component as Windows Projected File System and state the root cause as a use-after-free, with a CVSS v3.1 base score of 7...

CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability

...

CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability

...

CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

CVE-2026-40407

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

CVE-2026-40407

CVE-2026-40407 describes a heap-based buffer overflow in the Windows Common Log File System (CLFS) Driver that permits an authorized, local attacker to elevate privileges. The vulnerability impact is local privilege escalation with a CVSS v3.1 base score of 7.8 (HIGH) and impact to confidentialit...

CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...