4262 matches found
CVE-2026-32183
Improper neutralization of special elements used in a command 'command injection' in Windows Snipping Tool allows an unauthorized attacker to execute code locally...
CVE-2026-32156
Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute code locally...
Windows Hyper-V Remote Code Execution Vulnerability
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Windows Snipping Tool Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Windows Snipping Tool allows an unauthorized attacker to execute code locally...
Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Microsoft PowerPoint Remote Code Execution Vulnerability
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute code locally...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Windows Hyper-V Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally...
GHSA-P4H8-56QP-HPGV SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...
PT-2026-32736
CVE-2026-26156 Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. https://t.co/WXiQEpBjLe...
Security Updates for Microsoft Word Products C2R (April 2026)
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVE-2026-23657, CVE-2026-33095, CVE-2026-33115 - Untrusted pointer dereference in...
PT-2026-32878
Name of the Vulnerable Software and Affected Versions Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 Description Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally by tricking a user into opening a malicious document...
PT-2026-32864
Name of the Vulnerable Software and Affected Versions Microsoft Graphics Component affected versions not specified Description A heap-based buffer overflow in the Microsoft Graphics Component allows an unauthorized attacker to execute arbitrary code locally and remotely, which can affect the...
PT-2026-32841
Name of the Vulnerable Software and Affected Versions Windows Snipping Tool affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. Recommendatio...
PT-2026-32849
CVE-2026-32197 | Microsoft 365 Apps for Enterprise | Remote Code Execution Description Use-after-free vulnerability in Microsoft Office Excel allows unauth attacker to achieve RCE locally by tricking user into opening malicious Excel file. Severity: High Exploitation: Unknown Public PoC: Unknown...
PT-2026-32819
CVE-2026-32149 Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. https://t.co/jAvCgQ0s60...