192003 matches found
CVE-2026-40398
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally...
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-42899
Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network...
CVE-2026-42825
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally...
CVE-2026-41101
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...
CVE-2026-41095
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally...
CVE-2026-40417
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...
CVE-2026-40415
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network...
CVE-2026-40406
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network...
CVE-2026-40405
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network...
CVE-2026-35433
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...
EUVD-2026-29572
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally...
CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
...
Extending Security to MCP Servers: Closing a Critical Gap
The Model Context Protocol MCP is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the...
CVE-2025-35990
Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...
CVE-2026-20717
CVE-2026-20717 describes improper input validation in some Intel QAT software drivers for Windows prior to version 1.13, exploitable in Ring 3 (local). An authenticated, low-privilege user could cause a denial of service with a low=confidentiality and integrity impact and a high availability impa...
Fake Claude search results lure Mac users into ClickFix attack
Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...
CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems , the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior product manager for...