3483 matches found
CVE-2026-43721
A flaw was found in WebKitGTK. A malicious website can silently hijack clipboard data due to improper state management...
CVE-2026-50689
Use after free in Windows Clipboard Server allows an authorized attacker to elevate privileges locally...
CVE-2026-50488
Improper neutralization of special elements used in a command 'command injection' in Windows Clipboard User Service allows an authorized attacker to elevate privileges locally...
CVE-2026-49183
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Clipboard Server allows an authorized attacker to elevate privileges locally...
CVE-2026-50689 Windows Clipboard Server Elevation of Privilege Vulnerability
...
CVE-2026-50689
CVE-2026-50689 – Windows Clipboard Server suffers a use-after-free in the Clipboard Server that enables a local, authorized attacker to elevate privileges. The CVSS 3.1 vector shows a local, low-privilege exploit with no user interaction and high confidentiality, integrity, and availability impac...
CVE-2026-50689 Windows Clipboard Server Elevation of Privilege Vulnerability
...
CVE-2026-50488
CVE-2026-50488 affects Windows Clipboard User Service and is caused by improper neutralization of special elements in a command, enabling local privilege escalation for an authorized attacker. The CVSS v3.1 vector indicates local access, low attack complexity and privileges, with high impact to c...
CVE-2026-50488 Clipboard User Service Elevation of Privilege Vulnerability
...
CVE-2026-49183 Windows Clipboard Server Elevation of Privilege Vulnerability
...
CVE-2026-49183
CVE-2026-49183 describes a race condition in Windows Clipboard Server due to improper synchronization, enabling a local attacker with low privileges to elevate to higher rights. The affected component is the Windows Clipboard Server (shared resource handling) and the root cause is concurrent exec...
CVE-2026-49183 Windows Clipboard Server Elevation of Privilege Vulnerability
...
Windows Clipboard Server Elevation of Privilege Vulnerability
Use after free in Windows Clipboard Server allows an authorized attacker to elevate privileges locally...
Clipboard User Service Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Windows Clipboard User Service allows an authorized attacker to elevate privileges locally...
MAL-2026-10560 Malicious code in clipboard-drop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea807812d5f872524eab6c57931788239310050ffb4c477643977def9dac8fb9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in clipboard-drop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea807812d5f872524eab6c57931788239310050ffb4c477643977def9dac8fb9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
PT-2026-58509
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free issue in the Windows Clipboard Server allows an authorized attacker to elevate privileges locally. Use after free is a memory corruption flaw that occurs when an application...
EUVD-2026-42822
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...
freerdp: FreeRDP: Arbitrary code execution and denial of service via heap-buffer-overflow
A heap-buffer overflow vulnerability exists in the FreeRDP server's clipboard channel. A remote attacker can exploit this by sending a specially crafted message to the server, which can crash the service Denial of Service or potentially allow the attacker to execute arbitrary code...
MAL-2026-7012 Malicious code in express-mongo-limit (npm)
The npm package express-mongo-limit masquerades as an Express/MongoDB payload sanitization middleware likely typosquatting express-mongo-sanitize but is a credential stealer, remote-code-execution backdoor, crypto clipboard hijacker, and screenshot spyware. It declares a postinstall: node index.j...