4312 matches found
CVE-2026-42881 STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...
EUVD-2026-30305
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...
CVE-2026-42881 STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...
CVE-2026-42881
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...
PT-2026-41182
Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.8 Description A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...
PT-2026-40946
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...
Security Updates for Microsoft Office Products C2R (May 2026)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-40358 - Heap-based buffer overflow in Microsoft Office allows an unauthorized...
CVE-2026-42831
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-41611
Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...
CVE-2026-40403
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally...
CVE-2026-40366
Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-40364
Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-40361
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-40363
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-40367
Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-40359
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-40358
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-35421
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...
CVE-2026-40362
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2020-37221
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...