192159 matches found
CVE-2026-6117
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function installpluginupload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. Manipulation of the argument File results in a sandbox issue. The attack can be executed...
CVE-2026-32223
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack...
CVE-2026-32088
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-6134
A security flaw has been discovered in Tenda F451 1.0.0.7cnsvn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...
CVE-2026-23670
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally...
CVE-2026-26175
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-33824
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network...
CVE-2026-33098
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-32219
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...
CVE-2026-32192
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-27926
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-27928
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-26183
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally...
CVE-2026-26160
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally...
CVE-2026-20928
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
CVE-2026-33877
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...
CVE-2026-6306
Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...
CVE-2026-6300
Google Chrome (Chromium CSS engine) contains a use-after-free in CSS that allows remote code execution inside the sandbox via a crafted HTML page. Affected versions are prior to 147.0.7727.101; remediation is to upgrade to Chrome 147.0.7727.101 or newer as indicated by the referenced Chromium upd...