CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-40407
CVE-2026-40407 describes a heap-based buffer overflow in the Windows Common Log File System (CLFS) Driver that permits an authorized, local attacker to elevate privileges. The vulnerability impact is local privilege escalation with a CVSS v3.1 base score of 7.8 (HIGH) and impact to confidentialit...
CVE-2026-40407
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
CVE-2026-34333
CVE-2026-34333 describes a use-after-free in Windows Win32K GRFX that enables a locally authenticated user to elevate privileges. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, LOW privileges required, and no user interaction, affecting confidentiality, int...
CVE-2025-67604
A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4....
CVE-2025-67604
Summary: CVE-2025-67604 affects Fortinet FortiAnalyzer and FortiManager across multiple versions (FortiAnalyzer 6.4; 7.0, 7.2, 7.4, 7.6; FortiManager 6.4; 7.0, 7.2, 7.4, 7.6). A vulnerability in a potentially dangerous function may allow an authenticated attacker to cause a system hang via multi...
MINI-WPHC-9F2G-98FW
Bulletin has no description...
CVE-2026-44343
WGDashboard (WireGuard VPN dashboard) contains a critical vulnerability prior to version 4.3.2 that could allow unauthenticated parties to access the host filesystem. The root cause details are not provided beyond the high‑level impact in the CVE record, and exploitation details are not disclosed...
CVE-2026-44343 WGDashboard: Critical Vulnerability in 4.3.2
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...
CVE-2026-44343
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...
EUVD-2026-29732
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...
CVE-2026-31226
The TinyZero project through commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...
EUVD-2026-29486
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...
EUVD-2026-29469
Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to command execution...
CVE-2026-42260
Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...
CVE-2026-7432
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...