214586 matches found
CVE-2026-42904
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network...
CVE-2026-42905
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42911
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-42980
Integer underflow wrap or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-41108
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally...
CVE-2026-42829
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally...
CVE-2026-42916
Integer underflow wrap or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-42828
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-42908
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network...
CVE-2026-40404
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
CVE-2026-33828
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
CVE-2026-40409
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
CVE-2026-34335
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-45380
The CVE-2026-45380 issue affects bit7z (a cross-platform C++ static library for archive handling). A one-byte off-by-one bug in SafeOutPathBuilder::restoreSymlink() (prior to 4.0.12) enables crafting a .7z archive that, when extracted on non-Windows, creates a symlink escaping the extraction dire...
Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...
MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...
Free Spotify Premium hacks on social media are spreading infostealers
Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We've already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they're being lured with slick...
CVE-2026-9045
During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...
CVE-2026-6090
A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...
CVE-2026-52750
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click...