192248 matches found
EUVD-2025-208465
PROBLEMTYPE in COMPONENT in VENDOR PRODUCT VERSION on PLATFORMS allows ATTACKER to IMPACT via VECTOR...
EUVD-2025-208466
PROBLEMTYPE in COMPONENT in VENDOR PRODUCT VERSION on PLATFORMS allows ATTACKER to IMPACT via VECTOR...
EUVD-2026-10453
SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's...
GO-2026-4594 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik
Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik...
GHSA-PMGJ-GMM4-JH6J Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting
Summary: Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or sanitization. An authenticated attacker with access to the Commerce...
CVE-2026-2741
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
CVE-2026-26130
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...
CVE-2026-26127
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...
CVE-2026-26118
Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-26128
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...
CVE-2026-26115
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-26116
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-26111
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network...
CVE-2026-26105
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-25972
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...
CVE-2026-25188
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network...
CVE-2026-25177
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network...
CVE-2026-25170
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally...
CVE-2026-25165
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally...
CVE-2026-24296
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally...