256923 matches found
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in PKCS7verify. An attacker supplying a PKCS7 or S/MIME signed message whose SignedData digestAlgorithms field is an empty ASN.1 SET can cause a caller-owned BIO to be freed during verification. A subsequent use of that B...
EUVD-2026-35707
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...
EUVD-2026-35519
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
EUVD-2026-35516
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
EUVD-2026-35518
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
EUVD-2026-35505
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
EUVD-2026-35501
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...
EUVD-2026-35697
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network...
EUVD-2026-35699
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...
EUVD-2026-35681
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...
EUVD-2026-35538
Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
EUVD-2026-35491
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
EUVD-2026-35530
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...
EUVD-2026-35440
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
CVE-2026-49959
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...
CVE-2026-47643
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
CVE-2026-47654
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47653
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-47291
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...
CVE-2026-47289
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...