CVE-2026-42567

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

CVE-2026-40371

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...

Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...

EUVD-2026-35761

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

CVE-2026-42987

The CVE-2026-42987 entry concerns a use-after-free in Windows Deployment Services (WDS) that enables an unauthenticated attacker to achieve remote code execution over the network . The associated CVSS 3.1 vector indicates network access, high impact on confidentiality, integrity, and availability...

EUVD-2026-35755

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-42983

CVE-2026-42983 is a Windows vulnerability described across multiple sources as a use-after-free in the DWM Core Library that allows an authorized, local attacker to elevate privileges. The issue is identified consistently in Microsoft’s MSRC page and NVD records; no public exploit details or defa...

EUVD-2026-35750

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-44811

CVE-2026-44811 refers to a use-after-free in the Windows DWM Core Library that enables a locally authenticated attacker to elevate privileges. Confirmed across multiple sources (NVD/MSRC/CVE listings). The vulnerability is described as a local, high-impact elevation of privilege with a CVSS v3.1 ...

CVE-2026-44805

CVE-2026-44805: Use-after-free in Windows Network Controller (NC) Host Agent enables an authorized local attacker to cause denial of service. Affected component is the Windows Network Controller Host Agent; underlying cause is use-after-free. CVSSv3.1 base score 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I...

CVE-2026-42977

CVE-2026-42977 describes a race condition in Windows Push Notifications caused by improper synchronization of a shared resource. This vulnerability enables an authorized, local attacker to elevate privileges. The CVSS 3.1 base score is 7.8 (HIGH) with Local attack vector, high complexity, and req...

CVE-2026-42981

The provided documents identify CVE-2026-42981 as a Windows Performance Monitor remote code execution vulnerability caused by an integer underflow (wrap/wraparound). The issue is exploitable over the network without user interaction and with no privileges required (AV:N/PR:N/UI:N), as indicated b...

CVE-2026-42909

CVE-2026-42909 involves a heap-based buffer overflow in the Remote Desktop Client that enables a remote attacker to execute code over the network. The vulnerability arises from improper handling of data during remote desktop operations, leading to memory corruption. The CVSS-3.1 vector (AV:N/AC:H...

CVE-2026-42916

The CVE-2026-42916 entry describes an Integer underflow in the Windows NT OS Kernel that enables local privilege escalation for an authorized attacker. Affected: Windows NT OS Kernel (kernel-level component). Root cause: wrap/underflow during arithmetic in the kernel. Impact: high across confiden...

EUVD-2026-35592

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network...

CVE-2026-42903

Windows Kerberos in Windows is affected by CVE-2026-42903, a null pointer dereference that can be exploited by an authorized attacker over the network to cause a denial of service. The CVSS data indicates network access with low attack complexity, low privileges required, no user interaction, and...

CVE-2026-42904

CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...

CVE-2026-50507

CVE-2026-50507 concerns a Protection mechanism failure in Windows BitLocker that allows an unauthorized attacker to bypass a security feature via a physical attack . The connected documents corroborate a vulnerability affecting Windows BitLocker, with a CVSS v3.1 base score of 6.8 (Medium). The a...

EUVD-2026-35589

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

CVE-2026-49160

The CVE-2026-49160 entry concerns HTTP.sys with an HTTP/2 resource consumption flaw leading to unauthenticated denial of service over the network. Exploitation details, affected versions or specific component paths aren’t provided in the connected documents. The NVD/MSRC entries confirm an uncont...