21711 matches found
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
Desktop Window Manager Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally...
GDI+ Denial of Service Vulnerability
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network...
Windows Kernel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...
Azure Local Remote Code Execution Vulnerability
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network...
Windows Kernel Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally...
Windows Subsystem for Linux Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...
Windows HTTP.sys Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally...
Windows Hyper-V Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally...
Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
Windows App for Mac Installer Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally...
Windows Notepad App Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally...
Windows HTTP.sys Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network...
Windows Storage Elevation of Privilege Vulnerability
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally...
Chromium: CVE-2026-1862 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-1861 Heap buffer overflow in libvpx
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...
Azure Arc Elevation of Privilege Vulnerability
Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network...
Azure Front Door Elevation of Privilege Vulnerability
...
Azure Function Information Disclosure Vulnerability
...
Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Office Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally...
Chromium: CVE-2026-1220 Race in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Account Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network...
Azure Logic Apps Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network...
Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability...
Azure Data Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network...
Azure Front Door Elevation of Privilege Vulnerability
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network...
Word Copilot Information Disclosure Vulnerability
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...
M365 Copilot Information Disclosure Vulnerability
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network...
Azure Resource Manager Elevation of Privilege Vulnerability
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network...
Copilot Studio Information Disclosure Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector...
Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow
...
slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check
...
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
...
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
...
wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
...
Libxml2: libxml2: denial of service via crafted xml catalogs
...
Libxml2: unbounded relaxng include recursion leading to stack overflow
...
Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing
...
netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm
...
HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
...
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
...
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
...
ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
...
Libsoup: out-of-bounds read in libsoup websocket frame processing
...