EUVD-2026-37125

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

PT-2026-49574

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-42983

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

SUSE CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-44803

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...

CVE-2026-44807

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

CVE-2026-42914

Windows Kerberos Denial of Service Vulnerability...

CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability

...

CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability

...

CVE-2026-45608 Windows DHCP Client Information Disclosure Vulnerability

...

CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability

...

CVE-2026-45601 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability

...

CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability

...

CVE-2026-45640 Windows Bluetooth Port Driver Elevation of Privilege Vulnerability

...