CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

388 matches found

PCTCore64.sys Windows kernel driver contains missing access control vulnerability

Overview The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL I/O Control commands. In a Bring Your Own Vulnerable Driver...

7.8CVSS6AI score0.00015EPSS

Exploits0

OSV•added 6 days ago•4 views

DEBIAN-CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

8.8CVSS5.9AI score0.00051EPSS

Exploits1References1

CVE•added 2026/05/27 7:47 p.m.•9 views

CVE-2026-8360

CVE-2026-8360 affects the Triofox server components using WOSCommonUtil.dll, specifically the function WOSSysInfoGetDeviceInterface() called by DLLs such as WOSProfileMgrModule.dll and WOSWebDavModule.dll . The vulnerability arises when these calls can return a NULL pointer (e.g., when no user is...

7.5CVSS5.8AI score0.00053EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:47 p.m.•33 views

CVE-2026-8360 Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS0.00053EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-44094

7.5CVSS5.8AI score0.00053EPSS

Exploits0References2

Debian CVE•added 2026/05/26 2:8 p.m.•4 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.4AI score0.00068EPSS

Exploits1

RedhatCVE•added 2026/05/13 8:22 p.m.•2 views

CVE-2026-35421

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

7.8CVSS6.1AI score0.00062EPSS

Exploits0References1

EUVD•added 2026/05/12 6:30 p.m.•14 views

EUVD-2026-29628

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

7.8CVSS6.1AI score0.00062EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 4:58 p.m.•4 views

CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability

...

7.8CVSS5.8AI score0.00062EPSS

Exploits0References1

CVE•added 2026/05/12 4:58 p.m.•24 views

CVE-2026-35421

CVE-2026-35421 describes a heap-based buffer overflow in Windows GDI that permits a local attacker to execute arbitrary code. The entry lists a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, NO privileges required, user interaction required, and impacts to con...

7.8CVSS6.1AI score0.00062EPSS

Exploits0References1Affected Software14

Microsoft CVE•added 2026/05/12 2:0 p.m.•9 views

Windows GDI Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

7.8CVSS6.1AI score0.00062EPSS

Exploits0

Kaspersky•added 2026/05/12 12:0 a.m.•9 views

KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...

9.8CVSS6.8AI score0.00257EPSS

Exploits5References65

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40182

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A heap-based buffer overflow in the Windows GDI Graphics Device Interface, which is the graphics subsystem of Windows, allows an unauthorized attacker to execute code locally. Recommendations...

7.8CVSS6.2AI score0.00062EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: serial: max310x: fix NULL pointer dereference in I2C instantiation When trying to instantiate a max14830 device from userspace: echo max14830 0x60 /sys/bus/i2c/devices/i2c-2/newdevice we get the following error: Unable to handle...

5.5CVSS6.6AI score0.00014EPSS

Exploits0References2

Debian CVE•added 2026/04/24 2:45 p.m.•3 views

CVE-2026-31650

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free on disconnect The vub300 driver maintains an explicit reference count for the controller and its driver data and the last reference can in theory be dropped after the driver has been unbound. This...

7.8CVSS5.3AI score0.00015EPSS

Exploits0

Vulnrichment•added 2026/04/14 4:58 p.m.•2 views

CVE-2026-27930 Windows GDI Information Disclosure Vulnerability

...

5.5CVSS5.8AI score0.00051EPSS

Exploits0References1

Cvelist•added 2026/04/14 4:58 p.m.•22 views

CVE-2026-27930 Windows GDI Information Disclosure Vulnerability

...

5.5CVSS0.00051EPSS

Exploits0References1