CVE-2026-23666

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network...

CVE-2026-33825

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...

CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

CVE-2026-33096

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network...

CVE-2026-32223

Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack...

CVE-2026-32202

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-32184

Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an authorized attacker to elevate privileges locally...

CVE-2026-2403

CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload...

CVE-2026-23708

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA...

CVE-2026-23708

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA...

CVE-2026-22155

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1,...

CVE-2026-22574

CVE-2026-22574 affects Fortinet FortiSOAR PaaS (versions 7.6.0–7.6.4, 7.5.0–7.5.2, 7.4 all, 7.3 all) and FortiSOAR on‑premise (7.6.0–7.6.4, 7.5.0–7.5.2, 7.4 all, 7.3 all). The issue is a vulnerability where passwords are stored in a recoverable format, potentially allowing an authenticated remote...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock [CVE-2025-68146]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock, caused by a Time-of-Check-Time-of-Use TOCTOU race condition that allows local attackers to corrupt or truncate arbitrary user files through symlink attacks CVE-2025-68146...

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

Microsoft Brokering File System Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally...

Windows Projected File System Elevation of Privilege Vulnerability

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally...

HTTP.sys Denial of Service Vulnerability

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network...

.NET Framework Denial of Service Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in .NET Framework allows an unauthorized attacker to deny service over a network...

Connected User Experiences and Telemetry Service Denial of Service Vulnerability

Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally...