84 matches found
CVE-2026-54118
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-48561
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to execute code over a network...
CVE-2026-54117
CVE-2026-54117 affects Microsoft SQL Server and is caused by deserialization of untrusted data, enabling an authorized attacker to execute code over a network. The CVSS v3.1 base score is 8.8 (HIGH) with network access, low attack complexity, and privileges required as LOW; impact to confidential...
CVE-2026-58287
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57984
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-57974
Integer overflow or wraparound in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41571
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
PT-2026-54783
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 149.0.4022.98 Description A use-after-free issue exists in Microsoft Edge Chromium-based. This flaw allows an authorized attacker to execute arbitrary code over a network. Use-after-free is a...
EUVD-2026-35413
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
CVE-2026-45497
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-40412
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...
SUSE-SU-2026:21836-1 Security update for cups
This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...
SUSE-SU-2026:21871-1 Security update for cups
This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...
CVE-2026-33844
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...
CVE-2026-33120
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-25172
Integer overflow or wraparound in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...
CVE-2026-25173
Integer overflow or wraparound in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...
CVE-2026-26111
Integer overflow or wraparound in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...
KB5078885: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (March 2026)
The remote Windows host is missing security update 5078885. It is, therefore, affected by multiple vulnerabilities - Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. CVE-2026-23667 - Use after free in Windows Print Spooler Components allows an authorize...
Azure SDK for Python Remote Code Execution Vulnerability
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network...