257654 matches found
CVE-2026-45363
CVE-2026-45363 affects the ruby-jwt gem (Ruby implementation of JWT). Prior to versions 2.10.3 and 3.2.0, JWT.decode(token, '', true, algorithm: 'HS256') can accept attacker-forged tokens because OpenSSL::HMAC.digest('SHA256', '', payload) yields a valid digest with an empty key, and empty-key pa...
CVE-2026-50526
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...
CVE-2026-59889
CVE-2026-59889 affects jackson-databind. UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and may bypass @JsonView guards during deserialization, enabling writes from attacker JSON under a less-privileged active view. Fixed in 2.18.9, 2.21.5, 2.22.1, 3...
CVE-2026-50526
CVE-2026-50526 describes an issue in .NET where improper link resolution before file access ("link following") can allow an authorized local attacker to tamper with files. Multiple sources document the same description and note a local attack vector with high impact on confidentiality, integrity,...
CVE-2026-47300
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network...
CVE-2026-48489
CVE-2026-48489 (Symfony) : A logic flaw in the DefaultAuthenticationFailureHandler with failure_forward enabled allowed an unauthenticated login failure to dispatch a subrequest to access_control-protected GET routes, bypassing firewall listeners. This affected Symfony versions prior to 5.4.53, 6...
CVE-2026-58530
Heap-based buffer overflow in Windows Resilient File System ReFS allows an unauthorized attacker to execute code locally...
CVE-2026-55134
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-55140
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-55022
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-54131
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-50498
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
CVE-2026-55001
Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally...
CVE-2026-50520
Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code allows an unauthorized attacker to execute code locally...
CVE-2026-50308
Integer underflow wrap or wraparound in Windows NTFS allows an unauthorized attacker to execute code locally...
CVE-2026-49798
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally...
CVE-2026-57102
CVE-2026-57102 affects Visual Studio Code. Likely risk: security feature bypass via inclusion of functionality from an untrusted control sphere, exploitable over a network with user interaction required. CVSS v3.1: 8.8 ( HIGH, NETWORK, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ). Connected sources note...
CVE-2026-57101
Visual Studio Code is affected by CVE-2026-57101, a cross-site scripting flaw caused by improper neutralization of input during web page generation. The vulnerability allows a local attacker to bypass a security feature, requiring user interaction for exploitation (CVSS TV: Local access, Low expl...
CVE-2026-55949
CVE-2026-55949 affects Microsoft Office Excel. The issue is described as a use of an uninitialized resource enabling local code execution. CVSS 3.1 base score 7.8 (HIGH) with local attack vector, low attack complexity, no privileges required but user interaction is required. Exploitation details ...
CVE-2026-55054
CVE-2026-55054 is an information-disclosure vulnerability in Microsoft Office Excel caused by an out-of-bounds read. The issue affects Excel and can leak data over a network; exploitation requires user interaction (per CVSS metrics: Network vector, Low attack complexity, No privileges, User inter...