16284 matches found
CVE-2026-42936
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2026-42936
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2026-42936
The CVE-2026-42936 entry concerns the HYPER SBI 2 installer, which insecurely loads Dynamic Link Libraries. A local attacker can place a crafted DLL in the installer’s directory, enabling arbitrary code execution with the invoking user’s privileges during installation. The documented impact is hi...
CVE-2026-42936
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
EUVD-2026-44591
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
SiYuan Note - Cross-Site Scripting
SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...
CVE-2026-48806
Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...
CVE-2026-46640
Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...
CVE-2026-48806 Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys
Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...
CVE-2026-48806
Twig’s vulnerability CVE-2026-48806 concerns dynamic mapping keys in ArrayExpression not being wrapped for string coercion, allowing PHP to call __toString() on a Stringable key without SandboxExtension::ensureToStringAllowed(). The issue affects Twig
CVE-2026-47732
Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...
CVE-2026-49181
Integer underflow wrap or wraparound in Windows DHCP Client allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-48564
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network...
CVE-2026-58627
CVE-2026-58627 is a Windows DHCP Server Denial of Service vulnerability caused by uncontrolled resource consumption that allows a remote attacker to deny service over a network. Affected: Windows DHCP Server. Impact: availability loss (high). Mitigation: Microsoft has released updates and guidanc...
CVE-2026-56159
CVE-2026-56159 is a heap-based buffer overflow in Windows DHCP Server that can allow an unauthenticated attacker to execute code over a network (remote code execution). The vulnerability is rated CRITICAL with Network attack vector and no explicit exploit details in the provided documents. Connec...
CVE-2026-50370
CVE-2026-50370 is a heap-based buffer overflow in the Windows DHCP Server service that could allow an unauthenticated attacker on an adjacent network to execute code. The vulnerability is listed among the July 2026 Patch Tuesday disclosures and is included in Microsoft’s security updates (KB50995...
CVE-2026-50370 DHCP Server Service Remote Code Execution Vulnerability
...
CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability
...
2026-07 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5099539)
2026-07 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems KB5099539...
2026-07 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5099539)
2026-07 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems KB5099539...