EUVD-2026-35668
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2026-35666
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2026-35665
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2026-35664
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
EUVD-2026-35489
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...
EUVD-2026-35491
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
EUVD-2026-35490
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...
EUVD-2026-35662
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2026-35663
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2026-35661
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2026-35660
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2026-35659
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally...
EUVD-2026-35488
Issue summary: When the X509_VERIFY_PARAM_set1_email() is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...
EUVD-2026-35482
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...
EUVD-2026-35535
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
EUVD-2026-35534
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally...
EUVD-2026-35533
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-35643
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally...
EUVD-2026-35481
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
EUVD-2026-35484
Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
EUVD-2026-35487
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...
EUVD-2026-35486
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to t...
EUVD-2026-35483
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...
EUVD-2026-35485
Issue summary: The CMS_decrypt() and PKCS7_decrypt() functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
EUVD-2026-35456
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests...
EUVD-2026-35536
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-35532
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...
EUVD-2026-35507
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...
EUVD-2026-35503
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally...
EUVD-2026-35656
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability...
EUVD-2026-35655
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability...
EUVD-2026-35658
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
EUVD-2026-35477
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
EUVD-2026-35478
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
EUVD-2026-35498
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...
EUVD-2026-35499
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...
EUVD-2026-35480
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...
EUVD-2026-35461
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...
EUVD-2026-35451
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...
EUVD-2026-35530
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...
EUVD-2026-35531
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
EUVD-2026-35504
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally...
EUVD-2026-35657
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
EUVD-2026-35604
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
EUVD-2026-35476
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to...
EUVD-2026-35479
Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...
EUVD-2026-35446
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...
EUVD-2026-35467
An improper TLS certificate validation vulnerability in the ReadyCloud client app can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...
EUVD-2026-35465
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...
EUVD-2026-35463
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...