Lucene search
K

364822 matches found

NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-42970

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS0.00404EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•19 views

CVE-2026-42971

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS0.00459EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-42915

Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally...

5.5CVSS0.00383EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-42912

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Telephony Service allows an authorized attacker to elevate privileges locally...

7CVSS0.00205EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•16 views

CVE-2026-42911

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS0.00234EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-42913

Concurrent execution using shared resource with improper synchronization 'race condition' in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS0.00473EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-42916

Integer overflow or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00326EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•32 views

CVE-2026-42914

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network...

5.3CVSS0.00794EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-42910

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00286EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-42906

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

5.5CVSS0.00404EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•27 views

CVE-2026-42908

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.0087EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-42905

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

7.8CVSS0.02014EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...

6.5CVSS0.00816EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-42909

Concurrent execution using shared resource with improper synchronization 'race condition' in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS0.00397EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•15 views

CVE-2026-42835

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...

8.1CVSS0.01259EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•14 views

CVE-2026-42836

Concurrent execution using shared resource with improper synchronization 'race condition' in Function Discovery Service fdwsd.dll allows an authorized attacker to elevate privileges locally...

7CVSS0.00198EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•8 views

CVE-2026-42904

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network...

9.6CVSS0.00438EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-42829

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally...

7.8CVSS0.00291EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-42902

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00291EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-42903

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network...

6.5CVSS0.00903EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•16 views

CVE-2026-42837

Out-of-bounds read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00326EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•22 views

CVE-2026-42768

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

3.7CVSS0.0035EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-42828

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00326EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.3CVSS0.00262EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•14 views

CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS0.00349EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS0.00259EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-42771

Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

6.2CVSS0.0019EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-42567

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

7.5CVSS0.00421EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•16 views

CVE-2026-42765

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS0.00419EPSS
Exploits0References3
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-42599

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

6.1CVSS0.00168EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-42573

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

8.1CVSS0.00319EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS0.00684EPSS
Exploits0References4
NVD
NVD
•added 2026/06/09 5:17 p.m.•29 views

CVE-2026-42766

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

5.9CVSS0.00595EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-42570

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS0.00384EPSS
Exploits0References7
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-41092

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00291EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-40376

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.1CVSS0.00671EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-41108

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally...

7CVSS0.00274EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-40409

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

7.8CVSS0.00298EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•8 views

CVE-2026-40404

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

7.8CVSS0.00339EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-41098

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...

8.4CVSS0.00814EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•14 views

CVE-2026-34335

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS0.00234EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•32 views

CVE-2026-38615

DedeCMS V5.7.118 is vulnerable to Command Execution in filemanagecontrol.php...

9.8CVSS0.00816EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•13 views

CVE-2026-3088

Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests...

7.1CVSS0.00357EPSS
Exploits0References7
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-34692

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS0.00207EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-35188

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

5CVSS0.00245EPSS
Exploits0References3
NVD
NVD
•added 2026/06/09 5:17 p.m.•11 views

CVE-2026-40371

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.0063EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•18 views

CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

7.5CVSS0.00511EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-33828

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...

7.8CVSS0.0031EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:17 p.m.•34 views

CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS0.00237EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 5:17 p.m.•27 views

CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

7.4CVSS0.00196EPSS
Exploits0References5
Total number of security vulnerabilities364822