185797 matches found
PT-2026-58877
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...
PT-2026-58876
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...
PT-2026-58866
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...
PT-2026-58871
Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...
PT-2026-58874
Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...
PT-2026-58875
Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...
PT-2026-58873
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...
PT-2026-58867
Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...
PT-2026-58872
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...
PT-2026-58508
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...
PT-2026-58581
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...
PT-2026-58441
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally...
PT-2026-58452
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
PT-2026-58233
Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally...
PT-2026-58217
Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-58467
Use after free in Windows Graphics Kernel allows an authorized attacker to elevate privileges locally...
PT-2026-58830
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...
PT-2026-58471
Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network...
PT-2026-58393
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Media allows an authorized attacker to elevate privileges over a network...
PT-2026-58133
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to execute code over a network...
PT-2026-58562
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2026-58249
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network...
PT-2026-58336
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Runtime allows an unauthorized attacker to elevate privileges over a network...
PT-2026-58666
Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network...
PT-2026-58230
Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack...
PT-2026-58464
Use after free in Windows Installer allows an authorized attacker to elevate privileges locally...
PT-2026-58202
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally...
PT-2026-58540
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
PT-2026-58626
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network...
PT-2026-58234
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...
PT-2026-58484
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally...
PT-2026-58687
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-58663
Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network...
PT-2026-58157
Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
PT-2026-58358
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network...
PT-2026-58549
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2026-58600
Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally...
PT-2026-58370
Access of resource using incompatible type 'type confusion' in Windows Kernel allows an authorized attacker to elevate privileges locally...
PT-2026-58521
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
PT-2026-58135
Use after free in Windows App Installer allows an authorized attacker to elevate privileges locally...
PT-2026-58457
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally...
PT-2026-58516
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Runtime allows an authorized attacker to elevate privileges locally...
PT-2026-58265
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack...
PT-2026-58524
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
PT-2026-58548
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2026-58528
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
PT-2026-58494
Use after free in Windows NTFS allows an authorized attacker to elevate privileges locally...
PT-2026-58583
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2026-58328
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...
PT-2026-58703
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...