CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CVE-2026-42652
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a through = 5.1.5...
CVE-2026-33603
Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...
Visual Studio Code Elevation of Privilege Vulnerability
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally...
M365 Copilot for Desktop Spoofing Vulnerability
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
Windows Storport Miniport Driver Denial of Service Vulnerability
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...
Windows Print Spooler Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...
Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
Windows Kernel-Mode Driver Remote Code Execution Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network...
Windows Rich Text Edit Elevation of Privilege Vulnerability
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
Windows DNS Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network...
Windows TCP/IP Information Disclosure Vulnerability
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network...
Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack...
CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0...
CVE-2026-5061
The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...
CVE-2026-40016
An attacker can upload a malicious Sieve script over the ManageSieve service or locally to bypass configured CPU time limits for Sieve, up to 130 times the configured limit. An attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...