205455 matches found
CVE-2026-35438
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network...
CVE-2026-35420
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-40362
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-34686
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
CVE-2026-34684
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-35415
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
CVE-2026-34690
After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-35227
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...
CVE-2026-34345
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-34645
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-34351
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
CVE-2026-34647
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-35417
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-34338
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally...
CVE-2026-34347
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-35416
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-34342
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...
CVE-2026-34340
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally...
CVE-2026-34341
Double free in Windows Link-Layer Discovery Protocol LLDP allows an authorized attacker to elevate privileges locally...
CVE-2026-34343
Heap-based buffer overflow in Windows Application Identity AppID Subsystem allows an authorized attacker to elevate privileges locally...
CVE-2026-35418
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-34334
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
CVE-2026-34653
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...
CVE-2026-34330
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-34683
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34332
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network...
CVE-2026-33835
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-33838
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally...
CVE-2026-34336
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-34344
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-33110
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-33841
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-34331
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-33839
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-32161
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network...
CVE-2026-34337
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-32204
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-33112
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-34333
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-34329
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network...
CVE-2026-33821
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network...
CVE-2026-33840
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...
CVE-2026-33837
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
CVE-2026-33833
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-33834
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally...
CVE-2026-23827
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged use...
CVE-2026-23825
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...
CVE-2026-23826
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitati...
CVE-2025-65719
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...