CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

EUVD-2026-38209

An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in ANGLE in Google Chrome on Windows, prior to version 90.0.4430.93, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

EUVD-2026-37125

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm launch-editor versions = 2.14.0...

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

PT-2026-49574

Name of the Vulnerable Software and Affected Versions Vite versions prior to 8.0.16 Vite versions prior to 7.3.5 Vite versions prior to 6.4.3 Description On Windows, the development server fails to correctly normalize NTFS Alternate Data Streams ADS path forms and 8.3 short name compatibility pat...

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-42983

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

SUSE CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-44807

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

CVE-2026-44803

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...

CVE-2026-42914

Windows Kerberos Denial of Service Vulnerability...

CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability

...

CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability

...

CVE-2026-45608 Windows DHCP Client Information Disclosure Vulnerability

...

CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability

...