241415 matches found
CVE-2026-45636 Windows NTFS Remote Code Execution Vulnerability
...
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
...
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
...
CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability
...
CVE-2026-40404
CVE-2026-40404 concerns a Windows Universal Disk Format (UDFS) File System Driver Elevation of Privilege. The vulnerability affects the UDFS component, with a local attack vector, requiring low privileges and no user interaction, and yields high impact to confidentiality, integrity, and availabil...
CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
CVE-2026-40409
Technical details for CVE-2026-40409 are not publicly available in the provided documents. Monitor for updates from Microsoft/NVD for affected products, root cause, impact, and remediation.
CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
2026-06 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5094128)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
CVE-2026-46330
A flaw was found in the Linux kernel's TCP User-Level Protocol ULP support for SMC. This vulnerability arises when an active TCP socket is converted into an SMC socket, as the implementation attempts to modify core Virtual File System VFS structures in-place. This action violates fundamental VFS...
CVE-2026-22926
Technical details about CVE-2026-22926 are not publicly available in the provided documents. No affected versions, root cause, or remediation are specified. Monitor for updates from Omnissa and CVE listings.
CVE-2026-49957 Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...
MAL-2026-5387 Malicious code in @0xlr/sentry-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cda998358d5cfe20dc0c060f7e212e44ee41e6f369f42c15badbfdd7b796744 On npm install, this package automatically executes postinstall.js, which enumerates the entire process.env every environment variable, including CI...
Malicious code in screenpipe-mcp-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28109405008c1eaee3b3702337a3278723bb7e70e01929a4b76132b19c705790 [email protected] is a dependency-confusion lure that beacons installer-identifying data to an attacker-controlled domain on npm install...
Malicious code in t-invest-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46c186ac158f68845fc995a94d15d44c2b65a521d2619d2850232e58f4a61419 Package is a dependency-confusion squat: package.json sets version 9999.99.99 the canonical max-version trick used to win resolution against any...
MAL-2026-5403 Malicious code in t-invest-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46c186ac158f68845fc995a94d15d44c2b65a521d2619d2850232e58f4a61419 Package is a dependency-confusion squat: package.json sets version 9999.99.99 the canonical max-version trick used to win resolution against any...
CVE-2026-45447
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
CVE-2026-42766
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...