364822 matches found
CVE-2026-42970
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42971
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42915
Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally...
CVE-2026-42912
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Telephony Service allows an authorized attacker to elevate privileges locally...
CVE-2026-42911
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-42913
Concurrent execution using shared resource with improper synchronization 'race condition' in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42916
Integer overflow or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-42914
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network...
CVE-2026-42910
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally...
CVE-2026-42906
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42908
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network...
CVE-2026-42905
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42907
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...
CVE-2026-42909
Concurrent execution using shared resource with improper synchronization 'race condition' in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-42835
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
CVE-2026-42836
Concurrent execution using shared resource with improper synchronization 'race condition' in Function Discovery Service fdwsd.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-42904
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network...
CVE-2026-42829
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally...
CVE-2026-42902
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally...
CVE-2026-42903
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network...
CVE-2026-42837
Out-of-bounds read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-42768
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
CVE-2026-42828
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-42769
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...
CVE-2026-42767
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
CVE-2026-42770
Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...
CVE-2026-42771
Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...
CVE-2026-42567
Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...
CVE-2026-42765
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...
CVE-2026-42599
Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...
CVE-2026-42573
Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...
CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-42766
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...
CVE-2026-42570
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...
CVE-2026-41092
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally...
CVE-2026-40376
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-41108
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally...
CVE-2026-40409
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
CVE-2026-40404
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
CVE-2026-41098
Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...
CVE-2026-34335
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-38615
DedeCMS V5.7.118 is vulnerable to Command Execution in filemanagecontrol.php...
CVE-2026-3088
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests...
CVE-2026-34692
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-35188
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...
CVE-2026-40371
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...
CVE-2026-34183
Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...
CVE-2026-33828
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
CVE-2026-34182
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34181
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...