EUVD-2026-29624

Access of resource using incompatible type 'type confusion' in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...

EUVD-2026-29629

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network...

EUVD-2026-29625

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

EUVD-2026-29606

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...

EUVD-2026-29582

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

EUVD-2026-29579

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network...

EUVD-2026-29583

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

EUVD-2026-29592

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network...

EUVD-2026-29587

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...

EUVD-2026-29581

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally...

EUVD-2026-29529

Unchecked return value for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ma...

Apache Tomcat - AJP secret compared in non-constant time

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing...

GHSA-9M89-8FRQ-C98C Apache Tomcat - AJP secret compared in non-constant time

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing...

CVE-2026-42891

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-42899

Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...

CVE-2026-41109

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-41096

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network...

CVE-2026-41089

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network...

CVE-2026-41086

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

CVE-2026-40405

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network...