21711 matches found
Microsoft Defender Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
.NET Framework Denial of Service Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in .NET Framework allows an unauthorized attacker to deny service over a network...
Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack...
UEFI Secure Boot Security Feature Bypass Vulnerability
Improper access control in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to bypass a security feature locally...
Windows Redirected Drive Buffering System Denial of Service Vulnerability
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally...
Windows Shell Spoofing Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...
Windows Kernel Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
Azure Monitor Agent Elevation of Privilege Vulnerability
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an authorized attacker to elevate privileges locally...
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally...
Windows User Interface Core Elevation of Privilege Vulnerability
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally...
UEFI Secure Boot Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...
Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
Windows UPnP Device Host Information Disclosure Vulnerability
Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to disclose information over an adjacent network...
Windows UPnP Device Host Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Function Discovery Service fdwsd.dll allows an authorized attacker to elevate privileges locally...
.NET Denial of Service Vulnerability
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network...
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Improper access control in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
HTTP.sys Denial of Service Vulnerability
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network...
.NET Spoofing Vulnerability
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...
HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers
CVE-2026-21637 is regarding a vulnerability in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError...
netfilter: ipset: drop logically empty buckets in mtype_del
...
netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
...
net/sched: cls_fw: fix NULL pointer dereference on shared blocks
...
ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
...
netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
...
netfilter: nf_conntrack_expect: use expect->helper
...
net/sched: cls_flow: fix NULL pointer dereference on shared blocks
...
net/x25: Fix overflow when accumulating packets
...
netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
...
net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
...
netfilter: nfnetlink_log: account for netlink header size
...
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
...
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
...
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
...
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
...
LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
...
Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
...
Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()
...
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
...
Unbounded allocation for old GNU sparse in archive/tar
...
OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
...
OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
...
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
...
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
...
Addressable has a Regular Expression Denial of Service in Addressable templates
...