191851 matches found
CVE-2026-33113
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47298
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-47291
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...
CVE-2026-45588
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
CVE-2026-45592
Integer overflow or wraparound in Windows Internet wininet.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-42993
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42992
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42983
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42978
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-40371
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET. This vulnerability, related to improper link resolution before file access also known as 'link following', allows an unauthorized local attacker to perform unauthorized tampering. This could lead to integrity compromise of local files...
CVE-2026-0268
Prisma Access Agent for Linux contains a local authentication bypass that enables a local attacker to route traffic outside the VPN tunnel. The issue is limited to Linux; Windows, macOS, iOS, Android, and ChromeOS variants are not affected. The CVE entry notes a local attack vector with low privi...
dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption
A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to exploit uncontrolled resource consumption, leading to a Denial of Service DoS over a network. This means that an attacker can make the affected system unavailable to legitimate users by consuming its resources...
dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption
A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to exploit uncontrolled resource consumption, leading to a Denial of Service DoS over a network. This means that an attacker can make the affected system unavailable to legitimate users by consuming its resources...
CVE-2026-6893
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...
CVE-2026-48011 Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...
EUVD-2026-36120
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...
CVE-2026-48011 Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...
CVE-2026-48011
Summary of CVE-2026-48011 (Shopware) : A timing-attack in the admin authentication flow enables an attacker to enumerate administrator usernames. The issue is in the OAuth user lookup path (UserRepository::getUserEntityByUserCredentials). If a username is not found, the code returns quickly; if f...
CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...