CVE-2026-40418
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
CVE-2026-35436
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
EUVD-2026-30065
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitra...
EUVD-2026-29997
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are...
CVE-2026-32643
CVE-2026-32643 affects BIG-IP and BIG-IQ. An authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Impact includes execution of system commands, file creation/deletion, and potential Appliance mode restrictions by...
Malicious code in openai-spellcheckers (PyPI)
Source: kam193 (195e6ac284c1a3e97b7683250a5514ed89d903819d2a3c97987782d4725e0e9f). Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
PT-2026-40876
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.7 through 18.9.6; GitLab EE versions 18.10 through 18.10.5; GitLab EE versions 18.11 through 18.11.2. Description: An issue in customizable analytics dashboards allows an authenticated user to execute arbitrary JavaScript in...
CVE-2026-31246
GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
CVE-2026-44866
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
EUVD-2026-29677
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
EUVD-2026-29675
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
CVE-2026-40420
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
CVE-2026-40420
CVE-2026-40420: Affected product: Microsoft Office Click-To-Run. Description: Improper access control allows an authorized attacker to elevate privileges locally. The vulnerability is described across multiple sources (NVD, CVE lists) with a high impact score (CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:C/C...
CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
...
CVE-2026-35436
CVE-2026-35436 describes an elevation of privilege vulnerability in Microsoft Office Click-To-Run caused by insufficient granularity of access control. The CVE affects Office Click-To-Run components, enabling an attacker with LOCAL access and LOW privileges, and with NO user interaction, to achie...
CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
...