192070 matches found
CVE-2026-33714
Chamilo LMS versions 2.0.0-RC.2 are affected by a SQL injection in the statistics AJAX endpoint (public/main/inc/ajax/statistics.ajax.php) where unsanitized parameters date_start and date_end in the users_active action interpolate into SQL. This follows an incomplete fix for CVE-2026-30881, which...
USN-8138-2: tar-rs vulnerability
USN-8138-1 fixed a vulnerability in tar-rs. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a speciall...
CVE-2026-5977
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack...
CVE-2026-32203
A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users. Mitigation Mitigation for this issue is either not available or...
CVE-2026-23666
A flaw was found in .NET Framework. An unauthorized attacker can exploit a race condition, which is a concurrent execution using shared resources with improper synchronization, to deny service over a network. This vulnerability can lead to a Denial of Service DoS for affected systems. Mitigation...
EUVD-2026-22610
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...
EUVD-2026-22563
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally...
EUVD-2026-22540
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally...
EUVD-2026-22553
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows User Interface Core allows an authorized attacker to elevate privileges locally...
EUVD-2026-22561
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
EUVD-2026-22515
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...
EUVD-2026-22524
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack...
EUVD-2026-22489
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...
EUVD-2026-22481
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network...
EUVD-2026-22473
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally...
EUVD-2026-22501
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally...
EUVD-2026-22497
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally...
EUVD-2026-22463
Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
EUVD-2026-22446
Use after free in Windows TDI Translation Driver tdx.sys allows an authorized attacker to elevate privileges locally...
EUVD-2026-22445
Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...