241466 matches found
CVE-2025-53680
An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability (CWE-78) in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throug...
CVE-2025-46311
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...
WordPress ilGhera Support System for WooCommerce plugin <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions <= 1.3.0...
CVE-2026-2291
A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially...
CVE-2026-4893
A validation bypass was discovered in dnsmasq's RFC 7871 client subnet ECS handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function. This causes all internal bounds checks to fail, completely...
CVE-2026-4890
A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...
CVE-2026-4891
A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNSSEC validation. When processing RRSIG records, dnsmasq calculates the signature length by subtracting the fixed field size from the record's declared data length. A crafted RRSIG record with a data length smaller than the fixe...
2026-05 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5087052)
2026-05 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 KB5087052...
2026-05 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5087545)
2026-05 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems KB5087545...
CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
...
CVE-2026-40397
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2026-40397
CVE-2026-40397 describes an integer underflow (wrap/wraparound) in the Windows Common Log File System Driver that enables a locally authenticated attacker to elevate privileges. The description indicates a local, privileges-required (low), no user interaction vulnerability with high impact to con...
CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
...
CVE-2026-34340
CVE-2026-34340: Use-after-free in the Windows Projected File System can allow an authorized local attacker to elevate privileges. The provided documents identify the affected component as Windows Projected File System and state the root cause as a use-after-free, with a CVSS v3.1 base score of 7...
CVE-2026-42896
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-41096
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network...
CVE-2026-41096
CVE-2026-41096 is a heap-based buffer overflow in Microsoft Windows DNS that enables remote code execution over the network. The vulnerability affects Windows DNS handling and allows an unauthenticated attacker to execute code remotely (no user interaction). CVSS v3.1 metrics indicate networking ...