445 CVEs tracked today. 42 Critical, 218 High, 116 Medium, 4 Low.
-
CVE-2026-20963
CRITICAL
CVSS 9.8
Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration.
Microsoft
Deserialization
-
CVE-2026-23478
CRITICAL
CVSS 9.8
Cal.com scheduling software (3.1.6 to 6.0.7) has a critical authentication bypass in the NextAuth JWT callback. Attackers can gain full access to any user account by supplying a target email via session.update(). Fixed in 6.0.7.
Information Disclosure
Cal.Com
-
CVE-2026-22871
CRITICAL
CVSS 9.8
GuardDog security scanner before 2.7.1 has a path traversal in safe_extract() that allows malicious PyPI packages to write files outside the extraction directory. Ironic vulnerability in a tool designed to detect malicious packages. Patch available.
RCE
Path Traversal
AI / ML
Guarddog
-
CVE-2026-22869
CRITICAL
CVSS 9.8
Eigent multi-agent workflow CI pipeline (ci.yml) uses pull_request_target with checkout of untrusted PR code, enabling arbitrary code execution with repository write permissions from fork PRs. PoC available, patch available.
Github
AI / ML
Eigent
-
CVE-2026-0892
CRITICAL
CVSS 9.8
Firefox 146 and Thunderbird 146 contain memory safety bugs with evidence of memory corruption that could potentially be exploited for code execution.
Memory Corruption
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-0884
CRITICAL
CVSS 9.8
Firefox JavaScript engine has a use-after-free vulnerability. Affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147 and < 140.7.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-0881
CRITICAL
CVSS 10.0
Firefox Messaging System component has a sandbox escape vulnerability. Maximum CVSS 10.0 with scope change. Affects Firefox < 147 and Thunderbird < 147.
Authentication Bypass
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-0879
CRITICAL
CVSS 9.8
Firefox sandbox escape via incorrect boundary conditions in the Graphics component. Affects Firefox < 147, Firefox ESR < 115.32 and < 140.7, Thunderbird < 147 and < 140.7.
Industrial
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0501
CRITICAL
CVSS 9.9
SAP S/4HANA General Ledger (Private Cloud and On-Premise) has SQL injection allowing authenticated users to read, modify, and delete backend database data with scope change (CVSS 9.9). Financial data is directly at risk.
Sap
-
CVE-2026-0500
CRITICAL
CVSS 9.6
SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available.
Sap
Java
Command Injection
Introscope Enterprise Manager
-
CVE-2026-0498
CRITICAL
CVSS 9.1
SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available.
Sap
Command Injection
-
CVE-2026-0491
CRITICAL
CVSS 9.1
SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise.
Sap
Command Injection
-
CVE-2025-69992
CRITICAL
CVSS 9.8
phpgurukul News Portal V4.1 allows unauthenticated upload of any file type via upload.php. The third critical vulnerability in this application alongside file deletion and SQL injection. PoC available.
PHP
News Portal
-
CVE-2025-69991
CRITICAL
CVSS 9.8
phpgurukul News Portal V4.1 has SQL injection in check_availablity.php. PoC available.
PHP
SQLi
News Portal
-
CVE-2025-69990
CRITICAL
CVSS 9.1
phpgurukul News Portal V4.1 allows unauthenticated arbitrary file deletion via remove_file.php. Attackers can delete any file on the server. PoC available.
PHP
News Portal
-
CVE-2025-68271
CRITICAL
CVSS 10.0
OpenC3 COSMOS (space mission control software, 5.0.0-6.10.1) has unauthenticated RCE through the JSON-RPC API. String parameters are evaluated as Ruby code via convert_to_value. Maximum CVSS 10.0 with scope change.
Ruby
RCE
-
CVE-2025-65783
CRITICAL
CVSS 9.8
Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF files can be uploaded and may achieve code execution.
File Upload
RCE
Hub
-
CVE-2025-64155
CRITICAL
CVSS 9.8
Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives attackers access to all security logs and the ability to suppress alerts. PoC available.
Fortinet
Command Injection
Fortisiem
-
CVE-2025-47855
CRITICAL
CVSS 9.8
Fortinet FortiFone 7.0.0-7.0.1 and 3.0.13-3.0.23 allows unauthenticated attackers to download the complete device configuration via crafted HTTP/HTTPS requests. Configuration files contain credentials and network settings.
Fortinet
-
CVE-2025-40805
CRITICAL
CVSS 10.0
An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with scope change. Requires knowledge of a legitimate user's identity.
Authentication Bypass
IoT
Industrial
-
CVE-2025-25176
CRITICAL
CVSS 9.1
A hardware vulnerability allows exfiltration of intermediate register values from secure workloads running in ARM TrustZone or similar TEE environments. Non-secure applications can read secure-world register contents.
Information Disclosure
Ddk
-
CVE-2025-14829
CRITICAL
CVSS 9.1
E-xact Hosted Payment WordPress plugin (through 2.0) allows unauthenticated arbitrary file deletion. Attackers can delete wp-config.php to trigger the WordPress installer and take over the site.
WordPress
PHP
-
CVE-2025-12548
CRITICAL
CVSS 9.0
Eclipse Che che-machine-exec exposes an unauthenticated JSON-RPC/WebSocket API on port 3333 that allows remote command execution and secret exfiltration from other users' developer workspace containers.
Ssh
Authentication Bypass
Redhat
-
CVE-2025-11250
CRITICAL
CVSS 9.1
ManageEngine ADSelfService Plus before 6519 has an authentication bypass due to improper filter configurations. As a self-service password management tool for Active Directory, compromise enables mass password resets across the enterprise. Patch available.
Authentication Bypass
Manageengine Adselfservice Plus
-
CVE-2025-10915
CRITICAL
CVSS 9.8
Dreamer Blog WordPress theme (through 1.2) allows unauthenticated arbitrary plugin/theme installations due to a missing capability check. Attackers can install malicious plugins to achieve RCE.
WordPress
PHP
-
CVE-2023-54339
CRITICAL
CVSS 9.8
Webgrind 1.1 has unauthenticated command injection via the dataFile parameter in index.php. The profiling tool executes OS commands directly from URL parameters. PoC available.
PHP
Command Injection
Webgrind
-
CVE-2023-54337
CRITICAL
CVSS 9.1
Sysax Multi Server 6.95 crashes when the admin password field receives 800 bytes, causing denial of service. PoC available.
Denial Of Service
Multi Server
-
CVE-2023-54335
CRITICAL
CVSS 9.8
eXtplorer 2.1.14 has an authentication bypass that allows passwordless login. Combined with the file manager's upload capability, this achieves unauthenticated RCE. PoC available.
PHP
Authentication Bypass
Extplorer
-
CVE-2023-54334
CRITICAL
CVSS 9.8
Explorer32++ 1.3.5.531 has a buffer overflow in filename handling that corrupts the SEH chain with filenames over 396 characters. PoC available.
Buffer Overflow
-
CVE-2023-54330
CRITICAL
CVSS 9.8
Inbit Messenger 4.6.0-4.9.0 has a second stack buffer overflow in the network handler. SEH overwrite leads to shellcode execution on Windows. PoC available.
Windows
Buffer Overflow
Stack Overflow
Inbit Messenger
-
CVE-2023-54329
CRITICAL
CVSS 9.8
Inbit Messenger 4.6.0-4.9.0 has unauthenticated RCE through a stack overflow in the XML protocol on port 10883. PoC available.
Stack Overflow
Inbit Messenger
-
CVE-2022-50935
CRITICAL
CVSS 9.8
Flame II HSPA USB Modem has an unquoted service path vulnerability that enables privilege escalation to SYSTEM on Windows. PoC available.
Windows
-
CVE-2022-50926
CRITICAL
CVSS 9.8
WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie values to gain admin privileges. PoC available.
Golang
Privilege Escalation
-
CVE-2022-50925
CRITICAL
CVSS 9.8
Prowise Reflect 1.0.9 exposes a WebSocket on port 8082 that accepts unauthenticated keyboard injection commands. Malicious web pages can type keystrokes and open applications on the display device. PoC available.
CSRF
Reflect
-
CVE-2022-50922
CRITICAL
CVSS 9.8
Audio Conversion Wizard v2.01 has a buffer overflow in the registration code field that enables RCE through a crafted payload. PoC available.
RCE
Buffer Overflow
-
CVE-2022-50919
CRITICAL
CVSS 9.8
Tdarr 2.00.15 media transcoding server has unauthenticated RCE through command injection in the Help terminal. Commands can be chained without any input filtering. PoC available.
Python
RCE
Tdarr
-
CVE-2022-50912
CRITICAL
CVSS 9.8
ImpressCMS 1.4.4 has weak file upload extension filtering that can be bypassed using alternative PHP extensions (.php2, .php6, .php7, .phps, .pht). PoC available.
PHP
Impresscms
-
CVE-2022-50910
CRITICAL
CVSS 9.8
Beehive Forum 1.5.2 has host header injection in the forgot password function that allows intercepting password reset tokens. PoC available.
Code Injection
Beehive Forum
-
CVE-2022-50905
CRITICAL
CVSS 9.8
e107 CMS 3.2.1 has multiple XSS vulnerabilities in news comments that allow executing arbitrary JavaScript. Rated CVSS 9.8, suggesting further exploitation potential beyond typical XSS. PoC available.
PHP
XSS
E107
-
CVE-2022-50895
CRITICAL
CVSS 9.8
Aero CMS 0.0.1 has SQL injection in the author parameter exploitable through boolean-based, error-based, time-based, and UNION query techniques. PoC available.
SQLi
Aerocms
-
CVE-2022-50893
CRITICAL
CVSS 9.8
VIAVIWEB Wallpaper Admin 1.0 allows unauthenticated PHP file upload through the add_gallery_image.php endpoint. PoC available.
PHP
RCE
Wallpaper Admin
-
CVE-2020-36911
CRITICAL
CVSS 9.8
Covenant C2 framework (0.1.3-0.5) allows forging JWT tokens with admin roles due to hardcoded credentials. Attackers can upload and execute DLL payloads for RCE. PoC available.
RCE
Covenant
-
CVE-2026-22870
HIGH
CVSS 7.5
GuardDog versions prior to 2.7.1 fail to validate decompressed file sizes when extracting Python package archives, enabling denial of service attacks through zip bomb payloads that can consume gigabytes of disk space from minimal compressed data. Public exploit code exists for this vulnerability, affecting users who rely on GuardDog to scan PyPI packages for malicious content. Upgrade to version 2.7.1 or later to remediate this flaw.
Denial Of Service
AI / ML
Guarddog
-
CVE-2026-22868
HIGH
CVSS 7.5
Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service to affected network participants. An unauthenticated attacker on the network can exploit this vulnerability without user interaction to force vulnerable nodes offline. A patch is available in version 1.16.8 and later.
Golang
Denial Of Service
Go Ethereum
Suse
-
CVE-2026-22862
HIGH
CVSS 7.5
Go Ethereum nodes can be remotely crashed by unauthenticated attackers sending specially crafted network messages, resulting in denial of service. This network-based attack requires no user interaction and affects Golang and Go Ethereum implementations prior to version 1.16.8. A patch is available to remediate this high-severity vulnerability.
Golang
Denial Of Service
Go Ethereum
Suse
-
CVE-2026-22861
HIGH
CVSS 8.8
Memory corruption in iccDEV library versions before 2.3.1.2 allows remote attackers to achieve code execution via maliciously crafted ICC color profiles, affecting users who process untrusted profile data. Public exploit code exists for this vulnerability. Organizations using iccDEV should upgrade to version 2.3.1.2 immediately.
Buffer Overflow
Heap Overflow
Iccdev
-
CVE-2026-22818
HIGH
CVSS 8.2
Hono versions before 4.11.4 allow JWT algorithm confusion attacks through improper algorithm validation in the JWK/JWKS verification middleware, enabling attackers to forge valid tokens when the selected JWK lacks an explicit algorithm definition. An unauthenticated remote attacker can exploit this to bypass JWT signature verification and gain unauthorized access to affected applications. The vulnerability has been patched in version 4.11.4, which now requires explicit algorithm allowlists instead of deriving algorithms from untrusted JWT headers.
Information Disclosure
Hono
-
CVE-2026-22817
HIGH
CVSS 8.2
Hono before version 4.11.4 contains a JWT algorithm confusion vulnerability in its JWK/JWKS verification middleware that allows attackers to forge authentication tokens when the JWK lacks explicit algorithm specification. An unauthenticated remote attacker can exploit this by manipulating the JWT header's alg value to bypass signature verification in affected configurations. The vulnerability is resolved in version 4.11.4, which now requires explicit algorithm specification to prevent header-driven algorithm confusion.
Information Disclosure
Hono
-
CVE-2026-21307
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Designer 15.0.3 and earlier results from an out-of-bounds write vulnerability triggered when users open specially crafted files. An attacker can leverage this to execute code with the privileges of the affected user, though exploitation requires social engineering to deliver the malicious file. No patch is currently available.
Buffer Overflow
RCE
Substance 3d Designer
-
CVE-2026-21306
HIGH
CVSS 7.8
Arbitrary code execution is possible in Substance 3D Sampler 5.1.0 and earlier through an out-of-bounds write vulnerability that requires a user to open a malicious file. An attacker can execute commands with the privileges of the current user on the affected system. No patch is currently available for this vulnerability.
Buffer Overflow
RCE
Substance 3d Sampler
-
CVE-2026-21305
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Substance 3D Painter versions 11.0.3 and earlier through an out-of-bounds write flaw allows attackers to execute commands with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for affected users.
Buffer Overflow
RCE
Substance 3d Painter
-
CVE-2026-21304
HIGH
CVSS 7.8
Arbitrary code execution is possible in Adobe InDesign versions 21.0, 19.5.5 and earlier via a heap buffer overflow vulnerability when users open malicious files. The flaw requires user interaction but allows attackers to execute code with the privileges of the current user. No patch is currently available for this high-severity issue.
Adobe
Buffer Overflow
Heap Overflow
Indesign
-
CVE-2026-21299
HIGH
CVSS 7.8
Arbitrary code execution is possible in Substance 3D Modeler 1.22.4 and earlier via an out-of-bounds write vulnerability when processing malicious files. An attacker can execute code with the privileges of the user who opens a crafted file, requiring social engineering for successful exploitation. No patch is currently available for this vulnerability.
Buffer Overflow
RCE
Substance 3d Modeler
-
CVE-2026-21298
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Modeler versions 1.22.4 and earlier results from an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can leverage this to execute code with the privileges of the current user, with no patch currently available to remediate the issue.
Buffer Overflow
RCE
Substance 3d Modeler
-
CVE-2026-21287
HIGH
CVSS 7.8
Arbitrary code execution in Substance 3D Stager 3.1.5 and earlier stems from a use-after-free vulnerability that executes with the privileges of the current user. An attacker can exploit this by crafting a malicious file that triggers the vulnerability when opened by a victim, requiring user interaction to activate the attack. No patch is currently available for this vulnerability.
Use After Free
Substance 3d Stager
-
CVE-2026-21283
HIGH
CVSS 7.8
Heap buffer overflow in Bridge versions 15.1.2 and 16.0 and earlier enables arbitrary code execution when users open specially crafted files. The vulnerability requires user interaction, and no patch is available, leaving affected systems exposed to local attack. With a CVSS score of 7.8, this poses significant risk to Bridge users until patching becomes available.
Buffer Overflow
Heap Overflow
Bridge
-
CVE-2026-21281
HIGH
CVSS 7.8
Arbitrary code execution is possible in Adobe InCopy versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow when users open malicious files. An attacker can execute commands with the privileges of the targeted user by crafting a specially designed document. No patch is currently available, requiring users to avoid opening untrusted InCopy files.
Buffer Overflow
Heap Overflow
Incopy
-
CVE-2026-21280
HIGH
CVSS 8.6
Arbitrary code execution is possible in Adobe Illustrator 29.8.3 and 30.0 through an untrusted search path vulnerability that allows attackers to redirect application resource lookups to malicious executables. Exploitation requires local access and user interaction to open a crafted file, but executes with full user privileges and can affect the entire system. No patch is currently available.
Adobe
Illustrator
-
CVE-2026-21277
HIGH
CVSS 7.8
Arbitrary code execution is possible in Adobe InDesign versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow vulnerability triggered by opening a malicious file. Attackers can achieve code execution with the privileges of the affected user, requiring only social engineering to deliver the malicious document. No patch is currently available.
Adobe
Buffer Overflow
Heap Overflow
Indesign
-
CVE-2026-21276
HIGH
CVSS 7.8
Arbitrary code execution is possible in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability, with code running at user privileges when a victim opens a crafted file. This local attack requires user interaction, has no patch available, and affects all current InDesign users.
Adobe
Indesign
-
CVE-2026-21275
HIGH
CVSS 7.8
Arbitrary code execution is possible in Adobe InDesign versions 21.0, 19.5.5 and earlier through an uninitialized pointer vulnerability, with code running at user privileges when a victim opens a crafted file. The attack requires no special privileges or system access, making it a significant risk for InDesign users who may inadvertently open malicious documents. No patch is currently available.
Adobe
Indesign
-
CVE-2026-21274
HIGH
CVSS 7.8
Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier stems from an incorrect authorization flaw that allows attackers to bypass security controls when a user opens a malicious file. An attacker can execute code with the privileges of the current user, potentially compromising the system. No patch is currently available for this vulnerability.
Authentication Bypass
RCE
Dreamweaver
-
CVE-2026-21272
HIGH
CVSS 8.6
Dreamweaver Desktop versions 21.6 and earlier suffer from improper input validation that enables arbitrary file writes when a user opens a malicious file. An attacker can exploit this to manipulate or inject malicious content into the victim's file system with broad impact across confidentiality, integrity, and availability. No patch is currently available.
Code Injection
Dreamweaver
-
CVE-2026-21271
HIGH
CVSS 8.6
Arbitrary code execution in Adobe Dreamweaver versions 21.6 and earlier allows local attackers to execute commands with user privileges by delivering malicious files that bypass input validation. Successful exploitation requires social engineering to convince a user to open a crafted file, with impact extending beyond the application context. No patch is currently available for this high-severity vulnerability.
RCE
Code Injection
Dreamweaver
-
CVE-2026-21268
HIGH
CVSS 8.6
Improper input validation in Adobe Dreamweaver 21.6 and earlier allows arbitrary code execution with user privileges through a malicious file. An attacker can exploit this vulnerability by tricking a user into opening a crafted file, with no special privileges required. A patch is currently unavailable, making this a significant risk for affected Dreamweaver users.
RCE
Code Injection
Dreamweaver
-
CVE-2026-21267
HIGH
CVSS 8.6
Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier via OS command injection allows attackers to execute arbitrary commands on affected systems when a victim opens a malicious file. The vulnerability requires local access and user interaction but impacts the confidentiality, integrity, and availability of the system. No patch is currently available.
Command Injection
Dreamweaver
-
CVE-2026-21226
HIGH
CVSS 7.5
Remote code execution in Azure Core Shared Client Library for Python results from insecure deserialization of untrusted data, allowing authenticated network-based attackers to achieve arbitrary code execution. The vulnerability affects Python applications utilizing the vulnerable library versions, with no patch currently available. This represents a high-severity risk for Azure SDK consumers handling external or user-supplied serialized data.
Python
Azure
Deserialization
Azure Core Shared Client Library
Suse
-
CVE-2026-21224
HIGH
CVSS 7.8
Local privilege escalation in Azure Connected Machine Agent exploits a stack-based buffer overflow, enabling authenticated users to gain elevated system privileges. The vulnerability affects Azure and Stack Overflow deployments and requires local access with valid credentials to exploit. No patch is currently available for this high-severity issue.
Azure
Buffer Overflow
Stack Overflow
Azure Connected Machine Agent
-
CVE-2026-21221
HIGH
CVSS 7.0
Privilege escalation in Windows 11 and Windows Server 2025 Capability Access Management Service results from a race condition in resource synchronization, enabling authenticated local users to gain elevated system privileges. The vulnerability affects multiple recent Windows versions (24h2 and 25h2) and currently lacks a patch. No public exploit code has been disclosed, though the attack requires local access and moderate complexity to execute.
Race Condition
Windows 11 24h2
Windows 11 25h2
Windows Server 2025
Microsoft
-
CVE-2026-21219
HIGH
CVSS 7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use After Free
Windows Software Development Kit
-
CVE-2026-20965
HIGH
CVSS 7.5
Windows Admin Center fails to properly validate cryptographic signatures, enabling high-privileged users to bypass security controls and gain elevated system access on local machines. This vulnerability affects both Windows and Windows Admin Center installations and requires an authenticated attacker with administrative credentials to exploit. No patch is currently available for this issue.
Windows
Windows Admin Center
-
CVE-2026-20957
HIGH
CVSS 7.8
Arbitrary code execution in Microsoft Office Excel results from an integer underflow vulnerability in the Long Term Servicing Channel and Online Server editions, exploitable by local attackers with user interaction. This HIGH severity flaw (CVSS 7.8) grants full system compromise capabilities including code execution, data theft, and service disruption with no available patch.
Microsoft
Integer Overflow
Office Long Term Servicing Channel
Office Online Server
Excel
-
CVE-2026-20956
HIGH
CVSS 7.8
Memory corruption in Microsoft Excel within Office 365 Apps and Long Term Servicing Channel enables local code execution through a malicious file requiring user interaction. An attacker can achieve arbitrary code execution with full system privileges by exploiting improper pointer handling in the application. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Microsoft
365 Apps
Office Long Term Servicing Channel
-
CVE-2026-20955
HIGH
CVSS 7.8
Arbitrary code execution in Microsoft Excel through unsafe pointer handling enables local attackers to achieve full system compromise without requiring elevated privileges. This vulnerability affects Microsoft 365 Apps, Office, Office Online Server, and Office Long Term Servicing Channel across multiple versions. No patch is currently available, leaving affected systems vulnerable to exploitation via maliciously crafted spreadsheets.
Microsoft
365 Apps
Office
Office Online Server
Office Long Term Servicing Channel
-
CVE-2026-20953
HIGH
CVSS 8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Microsoft
Use After Free
365 Apps
Office Long Term Servicing Channel
Office
-
CVE-2026-20952
HIGH
CVSS 8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Microsoft
Use After Free
Office Long Term Servicing Channel
Office
365 Apps
-
CVE-2026-20951
HIGH
CVSS 7.8
Local code execution in Microsoft SharePoint Server results from inadequate input validation, enabling attackers with local access to execute arbitrary code with user interaction. The vulnerability affects SharePoint deployments and carries high impact across confidentiality, integrity, and authenticity. No patch is currently available.
Microsoft
Sharepoint Server
-
CVE-2026-20950
HIGH
CVSS 7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Microsoft
Use After Free
Excel
Office Online Server
365 Apps
-
CVE-2026-20949
HIGH
CVSS 7.8
Microsoft Office Excel in the Long Term Servicing Channel and 365 Apps contains an access control bypass vulnerability that allows a local attacker with user interaction to gain unauthorized access to sensitive data and modify or delete system resources. The vulnerability requires local access and user interaction to exploit, affecting the confidentiality, integrity, and availability of affected systems. No patch is currently available.
Microsoft
Office Long Term Servicing Channel
365 Apps
-
CVE-2026-20948
HIGH
CVSS 7.8
Local code execution in Microsoft Office Word (including 365 Apps and SharePoint Server) results from unsafe pointer dereferencing that can be triggered by user interaction with a malicious document. An attacker with local access can exploit this vulnerability to execute arbitrary code with the privileges of the affected user. No patch is currently available for this vulnerability.
Microsoft
Office Long Term Servicing Channel
Sharepoint Server
Word
365 Apps
-
CVE-2026-20947
HIGH
CVSS 8.8
SQL injection in Microsoft SharePoint Server enables authenticated attackers to execute arbitrary code remotely through improper sanitization of database queries. This vulnerability affects authorized users with network access and could allow them to compromise affected systems with high-level privileges. No patch is currently available for this issue.
Microsoft
SQLi
Sharepoint Server
-
CVE-2026-20946
HIGH
CVSS 7.8
Local code execution in Microsoft Office Excel occurs through an out-of-bounds memory read vulnerability affecting the Long Term Servicing Channel, Office 365 Apps, and standalone Office installations. An attacker with local access and user interaction can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available for this high-severity vulnerability.
Microsoft
Office Long Term Servicing Channel
365 Apps
Office
Excel
-
CVE-2026-20944
HIGH
CVSS 8.4
Microsoft Office Word contains an out-of-bounds read vulnerability that enables local code execution on affected systems. Users of Microsoft 365 Apps and Office Long Term Servicing Channel are at risk, as an attacker with local access can exploit this memory safety flaw to execute arbitrary code with full system privileges. No patch is currently available for this high-severity vulnerability.
Microsoft
365 Apps
Office Long Term Servicing Channel
-
CVE-2026-20943
HIGH
CVSS 7.0
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Microsoft
Office Deployment Tool
Sharepoint Server
Office
-
CVE-2026-20941
HIGH
CVSS 7.8
Privilege escalation in Windows Task Host Process affects Windows 11 and Server 2025 through unsafe symbolic link handling, allowing authenticated local users to gain elevated system privileges. An attacker with standard user access can exploit improper link resolution to bypass access controls and execute arbitrary actions with SYSTEM-level permissions. Currently no patch is available for this vulnerability.
Windows
Windows Server 2025
Windows 11 25h2
Windows 11 24h2
Microsoft
-
CVE-2026-20940
HIGH
CVSS 7.8
Windows Cloud Files Mini Filter Driver contains a heap-based buffer overflow that enables local privilege escalation on Windows 10 1809, Windows Server 2016, and Windows Server 2022. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available.
Windows
Buffer Overflow
Heap Overflow
Windows 10 1809
Windows Server 2022
-
CVE-2026-20938
HIGH
CVSS 7.8
Windows Virtualization-Based Security (VBS) Enclave contains an untrusted pointer dereference vulnerability that allows authenticated local users to achieve privilege escalation. The vulnerability affects Windows 11 versions 23h2, 24h2, and 25h2, and currently has no available patch. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges.
Windows
Windows 11 23h2
Windows 11 25h2
Windows 11 24h2
Microsoft
-
CVE-2026-20934
HIGH
CVSS 7.5
Privilege escalation in Windows SMB Server (Server 2025, Windows 11 24H2, Windows 10 22H2) stems from improper synchronization of shared resources during concurrent execution, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires high complexity exploitation but carries high impact across confidentiality, integrity, and availability. No patch is currently available.
Windows
Race Condition
Windows Server 2025
Windows 11 24h2
Windows 10 22h2
-
CVE-2026-20931
HIGH
CVSS 8.0
Windows Telephony Service on multiple Windows versions (10, 11, Server 2008/2022) contains an improper file path control vulnerability that enables authenticated attackers on the same network to escalate privileges to system level. An attacker with local user credentials can manipulate file name or path parameters to achieve elevated privileges without user interaction. No patch is currently available, though the vulnerability has high exploitability potential (EPSS 0.8%).
Windows
Windows 11 23h2
Windows Server 2022 23h2
Windows Server 2008
Windows 10 1607
-
CVE-2026-20929
HIGH
CVSS 7.5
Windows HTTP.sys contains an access control weakness that enables authenticated network attackers to escalate privileges on affected Windows systems including Windows 10 and Windows Server 2016/2019. The vulnerability requires low attack complexity and existing user credentials but grants complete compromise of confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue.
Windows
Windows 10 22h2
Windows Server 2019
Windows Server 2016
Windows 10 1809
-
CVE-2026-20926
HIGH
CVSS 7.5
Privilege escalation in Windows SMB Server (versions 10 22h2, 11 23h2, and 11 25h2) stems from improper synchronization of shared resources, allowing authenticated network attackers to elevate privileges. The race condition vulnerability requires specific timing conditions but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Windows
Race Condition
Windows 11 23h2
Windows 11 25h2
Windows 10 22h2
-
CVE-2026-20924
HIGH
CVSS 7.8
Privilege escalation in Windows Management Services via use-after-free memory corruption affects Windows 10, Windows 11, and Windows Server 2019, enabling authenticated local attackers to gain elevated system privileges. An authorized user can exploit this vulnerability through a race condition to execute arbitrary code with higher privileges. No patch is currently available for this vulnerability.
Windows
Use After Free
Windows 11 25h2
Windows Server 2019
Windows 10 22h2
-
CVE-2026-20923
HIGH
CVSS 7.8
Privilege escalation in Windows Management Services affects Windows Server 2019, 2022 23h2, and 2025 through a use-after-free vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low privileges and manual user interaction to trigger, potentially giving attackers complete system control. No patch is currently available for this vulnerability.
Windows
Use After Free
Windows Server 2022 23h2
Windows Server 2025
Windows Server 2019
-
CVE-2026-20922
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]
Windows
Buffer Overflow
Heap Overflow
Windows 10 1607
Windows 11 25h2
-
CVE-2026-20921
HIGH
CVSS 7.5
Privilege escalation in Windows SMB Server (2022, 2025) stems from improper synchronization of concurrent resource access, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires specific conditions to trigger but provides high-impact unauthorized access when successfully exploited. No patch is currently available for affected systems.
Windows
Race Condition
Windows Server 2022 23h2
Windows Server 2022
Windows Server 2025
-
CVE-2026-20920
HIGH
CVSS 7.8
Windows Win32K use-after-free vulnerability in ICOMP affects Windows 11 23h2 and Windows Server 2022 23h2, enabling authenticated local attackers to achieve privilege escalation with high impact on confidentiality, integrity, and availability. Currently no patch is available, and exploitation requires local access with user-level privileges.
Windows
Use After Free
Windows Server 2022 23h2
Windows 11 23h2
Windows Server 2022
-
CVE-2026-20919
HIGH
CVSS 7.5
Windows SMB Server contains a race condition in concurrent resource handling that enables authenticated network attackers to escalate privileges on affected systems including Windows 10 22H2, Windows 10 1607, and Windows Server 2025. The vulnerability requires low attack complexity and network access from an authenticated user, but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue (CVSS 7.5).
Windows
Race Condition
Windows 10 22h2
Windows Server 2025
Windows 10 1607
-
CVE-2026-20918
HIGH
CVSS 7.8
Windows Management Services on Windows 10 and 11 contains a race condition in shared resource synchronization that enables authenticated local users to escalate privileges to system level. The vulnerability affects multiple Windows versions including 22h2, 21h2, and 25h2 builds, with no patch currently available.
Windows
Race Condition
Windows 11 25h2
Windows 10 22h2
Windows 10 21h2
-
CVE-2026-20877
HIGH
CVSS 7.8
Privilege escalation in Windows Management Services affects Windows 10 22h2, Windows Server 2022 23h2, and Windows 11 23h2 through a use-after-free memory flaw. An authenticated local attacker can exploit this vulnerability to gain elevated system privileges. Currently, no patch is available.
Windows
Use After Free
Windows 10 22h2
Windows Server 2022 23h2
Windows 11 23h2
-
CVE-2026-20875
HIGH
CVSS 7.5
Remote denial of service in Windows LSASS affects Windows 10 and 11 through a null pointer dereference that an unauthenticated attacker can trigger over the network. The vulnerability causes service unavailability but does not enable code execution or data theft. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Windows
Null Pointer Dereference
Windows 11 24h2
Windows 10 21h2
Windows 10 1809
-
CVE-2026-20874
HIGH
CVSS 7.8
Privilege escalation in Windows Management Services on Windows 10 and 11 stems from improper synchronization of shared resources, enabling local authenticated attackers to gain elevated privileges. The race condition can be exploited without user interaction and impacts confidentiality, integrity, and availability across system boundaries. No patch is currently available for this vulnerability.
Windows
Race Condition
Windows 11 23h2
Windows 11 24h2
Windows 10 1809
-
CVE-2026-20873
HIGH
CVSS 7.8
Privilege escalation in Windows Management Services (Windows 10/11) stems from improper synchronization of shared resources, allowing authenticated local users to gain elevated privileges through race condition exploitation. The vulnerability affects multiple Windows versions including 22H2 and 24H2 builds, with no patch currently available. An attacker with valid credentials can leverage this flaw to escalate from a standard user account to system-level access.
Windows
Race Condition
Windows 10 22h2
Windows 11 24h2
Windows 10 1809
-
CVE-2026-20871
HIGH
CVSS 7.8
Local privilege escalation in Windows Desktop Window Manager (DWM) through use-after-free memory corruption affects Windows 10 22H2, Windows Server 2022, and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain system-level privileges with no user interaction required. No patch is currently available for this high-severity vulnerability.
Windows
Use After Free
Windows Server 2022
Windows Server 2025
Windows 10 22h2
-
CVE-2026-20870
HIGH
CVSS 7.8
Privilege escalation in Windows Win32K ICOMP component via use-after-free memory corruption affects Windows 11 (24h2, 25h2) and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain SYSTEM-level privileges with no user interaction required. Currently no patch is available and exploitation requires local access with user-level permissions.
Windows
Use After Free
Windows 11 25h2
Windows 11 24h2
Windows Server 2025
-
CVE-2026-20869
HIGH
CVSS 7.0
Local privilege escalation in Windows Local Session Manager (LSM) across Windows 11 23h2, Windows Server 2012, and 2019 stems from improper synchronization in shared resource handling, enabling authenticated attackers to elevate privileges on affected systems. The vulnerability requires local access and specific timing conditions to exploit, with no patch currently available. This affects systems running the impacted Windows and Server editions where authenticated users may achieve system-level privileges.
Windows
Race Condition
Windows 11 23h2
Windows Server 2012
Windows Server 2019
-
CVE-2026-20868
HIGH
CVSS 8.8
Remote code execution in Windows RRAS affects Windows 10 21h2 and Windows Server 2022 variants through a heap-based buffer overflow triggered over the network without authentication. An attacker can exploit this vulnerability to execute arbitrary code with high privileges, though user interaction is required to trigger the flaw. No patch is currently available, making this a critical risk for exposed systems.
Windows
Buffer Overflow
Heap Overflow
Windows Server 2022
Windows Server 2022 23h2
-
CVE-2026-20867
HIGH
CVSS 7.8
Local privilege escalation in Windows Management Services affects Windows Server 2019, Windows 11 24h2, and Windows Server 2025 through improper synchronization of shared resources, enabling authenticated users to gain elevated system privileges. The vulnerability exploits a race condition that an attacker can trigger without user interaction, though no patch is currently available.
Windows
Race Condition
Windows Server 2019
Windows 11 24h2
Windows Server 2025
-
CVE-2026-20866
HIGH
CVSS 7.8
Windows Management Services on Windows 10 and Windows Server 2019 contains a race condition in shared resource synchronization that enables local privilege escalation for authenticated users. An attacker with local access can exploit improper locking mechanisms to gain elevated system privileges. No patch is currently available for this vulnerability.
Windows
Race Condition
Windows Server 2019
Windows 10 22h2
Windows 10 1809
-
CVE-2026-20865
HIGH
CVSS 7.8
Privilege escalation in Windows Management Services affects Windows 11 24H2, Windows Server 2022, and 2025 through a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The vulnerability requires local access but no user interaction, making it exploitable by any authorized account on the system. Currently no patch is available to remediate this issue.
Windows
Use After Free
Windows 11 24h2
Windows Server 2025
Windows Server 2022
-
CVE-2026-20864
HIGH
CVSS 7.8
Windows Server and Windows 10/11 Connected Devices Platform Service (Cdpsvc) contains a heap buffer overflow that allows authenticated local users to escalate privileges to system level. The vulnerability requires low complexity exploitation with no user interaction, affecting multiple recent Windows versions including Server 2022, Windows 10 21h2, and Windows 11 23h2. No patch is currently available for this high-severity flaw.
Buffer Overflow
Heap Overflow
Windows Server 2022 23h2
Windows Server 2022
Windows 10 21h2
-
CVE-2026-20863
HIGH
CVSS 7.0
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Windows
Windows 11 24h2
Windows Server 2022
Windows 11 25h2
Windows Server 2022 23h2
-
CVE-2026-20861
HIGH
CVSS 7.8
Windows Management Services on Windows 10 and Windows Server 2022 contains a race condition in shared resource handling that permits authenticated local attackers to escalate privileges to system level. The vulnerability stems from improper synchronization during concurrent operations and affects multiple Windows versions including Windows 10 22H2 and 1809. No patch is currently available for this high-severity issue (CVSS 7.8).
Windows
Race Condition
Windows Server 2022
Windows 10 22h2
Windows 10 1809
-
CVE-2026-20860
HIGH
CVSS 7.8
Windows 10 1607 is affected by access of a resource using an incompatible type (type confusion) (CVSS 7.8).
Windows
Windows 10 21h2
Windows 11 25h2
Windows Server 2019
Windows Server 2022 23h2
-
CVE-2026-20859
HIGH
CVSS 7.8
Kernel-mode driver use-after-free vulnerabilities in Windows 11 24H2 and Windows Server 2025 enable authenticated local attackers to achieve privilege escalation. An attacker with standard user privileges can exploit memory corruption in kernel drivers to gain SYSTEM-level access without user interaction. No patch is currently available.
Linux
Windows
Use After Free
Windows 11 24h2
Windows Server 2025
-
CVE-2026-20858
HIGH
CVSS 7.8
Privilege escalation in Windows Management Services affects Windows 10, Windows 11, and Windows Server 2022 through a use-after-free memory vulnerability. An authenticated local attacker can exploit this flaw to gain elevated system privileges. Currently no patch is available and exploitation requires specific conditions to trigger.
Windows
Use After Free
Windows Server 2022 23h2
Windows 11 23h2
Windows 10 22h2
-
CVE-2026-20857
HIGH
CVSS 7.8
Windows Cloud Files Mini Filter Driver contains an unsafe pointer dereference vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows versions including Windows 10 1809, Windows 11, and Windows Server 2022. An attacker with valid credentials can exploit this flaw to gain elevated system privileges without user interaction. No patch is currently available for this high-severity vulnerability.
Windows
Windows 10 1809
Windows Server 2022
Windows 11 23h2
Windows 11 24h2
-
CVE-2026-20856
HIGH
CVSS 8.1
Remote code execution in Windows Server Update Service affects Windows 11 25h2, Windows Server 2025, 2022, and 2016 due to inadequate input validation, enabling unauthenticated network-based attackers to execute arbitrary code with high impact. The vulnerability requires specific conditions to exploit (high complexity) but carries significant risk across widely-deployed server infrastructure with no patch currently available.
Windows
Windows Server 2025
Windows Server 2022
Windows Server 2016
Windows 11 25h2
-
CVE-2026-20854
HIGH
CVSS 7.5
Remote code execution in Windows LSASS (Local Security Authority Subsystem Service) on Windows 11 and Windows Server 2025 stems from a use-after-free memory vulnerability exploitable by authenticated attackers over the network. An attacker with valid credentials can trigger the flaw to execute arbitrary code with SYSTEM privileges, achieving complete system compromise. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a security update.
Windows
Use After Free
Windows Server 2025
Windows 11 25h2
Windows 11 24h2
-
CVE-2026-20853
HIGH
CVSS 7.4
Windows WalletService contains a race condition that permits local privilege escalation on Windows 10 and Windows 11 systems. An unauthenticated attacker with local access can exploit improper synchronization of shared resources to gain elevated privileges. No patch is currently available for this vulnerability.
Windows
Race Condition
Windows 11 23h2
Windows 11 25h2
Windows 10 22h2
-
CVE-2026-20852
HIGH
CVSS 7.7
Windows Hello privilege escalation on Windows 10, 11, and Server 2019 allows local attackers without credentials to tamper with system integrity through incorrect privilege assignment. The vulnerability requires local access but no user interaction, enabling unauthorized modifications to protected resources. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows
Windows 11 24h2
Windows 11 25h2
Windows Server 2019
Windows 10 21h2
-
CVE-2026-20849
HIGH
CVSS 7.5
Windows Kerberos authentication in multiple Windows versions accepts untrusted input during security decisions, enabling authenticated network attackers to escalate privileges without user interaction. The vulnerability affects Windows 10 (versions 1607 and 1809), Windows Server 2012, and Windows Server 2025, with no patch currently available. An attacker with valid credentials can exploit this to gain elevated system access across the network.
Windows
Windows Server 2025
Windows 10 1607
Windows Server 2012
Windows 10 1809
-
CVE-2026-20848
HIGH
CVSS 7.5
Privilege escalation via race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 25h2, and Windows Server 2022 23h2, allowing authenticated attackers to gain elevated privileges over the network. The vulnerability stems from improper synchronization when handling concurrent access to shared resources, and no patch is currently available. With a CVSS score of 7.5, this poses a significant risk to organizations using affected Windows versions.
Windows
Race Condition
Windows 10 21h2
Windows 11 25h2
Windows Server 2022 23h2
-
CVE-2026-20844
HIGH
CVSS 7.4
Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.
Windows
Use After Free
Windows 10 21h2
Windows 10 1809
Windows Server 2022 23h2
-
CVE-2026-20843
HIGH
CVSS 7.8
Local privilege escalation in Windows RRAS affects Windows 10, Windows 11, and Windows Server 2022, allowing authenticated users to gain system-level access through improper access control mechanisms. An attacker with local user credentials can exploit this vulnerability to obtain elevated privileges on the affected system. No patch is currently available, leaving vulnerable systems at risk until Microsoft releases a security update.
Windows
Windows 11 24h2
Windows 11 25h2
Windows Server 2022 23h2
Windows 10 21h2
-
CVE-2026-20842
HIGH
CVSS 7.0
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Windows
Use After Free
Windows Server 2022 23h2
Windows 11 25h2
Windows Server 2025
-
CVE-2026-20840
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. [CVSS 7.8 HIGH]
Windows
Buffer Overflow
Heap Overflow
Windows 10 21h2
Windows Server 2019
-
CVE-2026-20837
HIGH
CVSS 7.8
Local code execution in Windows Media affects Windows 11 25h2, Windows Server 2019, and Windows Server 2025 through a heap buffer overflow that requires user interaction to trigger. An attacker with local access can exploit this vulnerability to achieve arbitrary code execution with full system privileges. No patch is currently available for this vulnerability.
Windows
Buffer Overflow
Heap Overflow
Windows Server 2025
Windows Server 2019
-
CVE-2026-20836
HIGH
CVSS 7.0
Privilege escalation in the Graphics Kernel on Windows 11 and Linux systems results from improper synchronization of concurrent access to shared resources, allowing authenticated local attackers to gain elevated privileges. The vulnerability requires specific timing conditions to exploit but impacts multiple Windows versions and Linux distributions. No patch is currently available for this race condition vulnerability.
Linux
Industrial
Race Condition
Windows 11 23h2
Windows 11 24h2
-
CVE-2026-20832
HIGH
CVSS 7.8
Privileged local attackers can exploit a use-after-free vulnerability in the Windows RPC IDL subsystem to gain system-level code execution on affected Windows 10, Windows 11, Windows Server 2016, and Windows Server 2022 systems. The vulnerability requires local access and valid credentials but allows complete compromise of the target system with no user interaction required. No patch is currently available, leaving vulnerable systems at risk.
Windows
Windows 11 23h2
Windows Server 2022 23h2
Windows 10 22h2
Windows Server 2016
-
CVE-2026-20831
HIGH
CVSS 7.8
Windows Ancillary Function Driver for WinSock contains a race condition that enables local privilege escalation on affected Windows systems including Server 2008, Server 2019, and Windows 10 22H2. An authenticated attacker can exploit this timing vulnerability to gain elevated privileges with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Windows
Race Condition
Windows Server 2008
Windows Server 2019
Windows 10 22h2
-
CVE-2026-20830
HIGH
CVSS 7.0
Privilege escalation in Windows Server 2025 Capability Access Management Service stems from improper synchronization of shared resources, enabling authenticated local users to gain elevated privileges. The race condition requires specific timing conditions but no patch is currently available, leaving affected systems vulnerable to privilege escalation attacks by authorized local users.
Race Condition
Windows Server 2025
Microsoft
-
CVE-2026-20826
HIGH
CVSS 7.8
Privilege escalation in Windows Tablet UI (TWINUI) subsystem on Windows 10, Windows Server 2022, and Windows Server 2025 stems from improper synchronization of shared resources, enabling authenticated local attackers to gain elevated privileges. The race condition vulnerability affects multiple Windows versions and currently has no available patch.
Windows
Race Condition
Windows Server 2022 23h2
Windows Server 2025
Windows 10 21h2
-
CVE-2026-20822
HIGH
CVSS 7.8
Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.
Microsoft
Industrial
Use After Free
Windows 11 25h2
Windows Server 2019
-
CVE-2026-20820
HIGH
CVSS 7.8
Heap buffer overflow in Windows Common Log File System Driver (affecting Windows 10 1607, Server 2016, and Server 2022 23h2) enables authenticated local users to achieve complete system compromise through privilege escalation. The vulnerability requires valid credentials but no user interaction, making it a direct path to administrative control for insiders or attackers with initial access. No patch is currently available, leaving affected systems at elevated risk pending remediation.
Windows
Buffer Overflow
Heap Overflow
Windows Server 2016
Windows Server 2022 23h2
-
CVE-2026-20817
HIGH
CVSS 7.8
Windows Error Reporting on Windows 10, Windows 11, and Windows Server 2022 fails to properly validate user privileges, enabling local authenticated users to escalate to system-level access. An attacker with valid credentials can exploit this permission handling flaw to gain full control over the affected system. Currently no patch is available for this high-severity vulnerability (CVSS 7.8).
Windows
Windows 11 23h2
Windows Server 2022 23h2
Windows 10 22h2
Windows Server 2022
-
CVE-2026-20816
HIGH
CVSS 7.8
Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.
Windows
Race Condition
Windows 11 25h2
Windows 10 1809
Windows Server 2022 23h2
-
CVE-2026-20815
HIGH
CVSS 7.0
Privilege escalation in Windows 11 and Windows Server 2025 Capability Access Management Service stems from improper synchronization of shared resources, enabling a local authenticated attacker to gain elevated privileges. The vulnerability exploits a race condition that can be triggered without user interaction, though successful exploitation requires specific timing and system conditions. No patch is currently available for this high-severity issue.
Race Condition
Windows 11 25h2
Windows 11 24h2
Windows Server 2025
Microsoft
-
CVE-2026-20814
HIGH
CVSS 7.0
Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.
Linux
Industrial
Race Condition
Windows Server 2016
Windows 10 1607
-
CVE-2026-20811
HIGH
CVSS 7.8
Local privilege escalation in Windows Win32K (ICOMP) via type confusion allows authenticated users to gain system-level access on Windows 11 and Windows Server 2025. The vulnerability affects multiple recent Windows versions with no available patch, requiring immediate mitigation strategies for at-risk environments. Exploitation requires local access but no user interaction, making it a significant risk for multi-user systems.
Windows
Windows Server 2025
Windows 11 23h2
Windows Server 2022 23h2
Windows 11 24h2
-
CVE-2026-20810
HIGH
CVSS 7.8
The Windows Ancillary Function Driver for WinSock contains an improper memory deallocation vulnerability (CWE-590) that allows authenticated local attackers to achieve privilege escalation on affected Windows 10 and Windows Server 2019 systems. An attacker with local user privileges can exploit this flaw to gain SYSTEM-level access without user interaction. No patch is currently available for this vulnerability.
Windows
Windows Server 2019
Windows 10 21h2
Windows 10 22h2
Windows 10 1809
-
CVE-2026-20809
HIGH
CVSS 7.8
Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.
Linux
Windows
Race Condition
Windows Server 2022 23h2
Windows 10 21h2
-
CVE-2026-20808
HIGH
CVSS 7.0
Privilege escalation in Windows Printer Association Object affects Windows 11 and Windows Server 2022/2025 through a race condition in shared resource access. An authenticated local attacker can exploit improper synchronization to gain elevated system privileges. No patch is currently available for this vulnerability.
Race Condition
Windows Server 2025
Windows 11 25h2
Windows 11 24h2
Windows Server 2022 23h2
-
CVE-2026-20804
HIGH
CVSS 7.7
Windows Hello privilege elevation flaw in Windows 10 21h2, Windows Server 2019, 2022, and 2022 23h2 enables local attackers to modify system data without authorization. The vulnerability stems from improper privilege assignment that bypasses access controls, allowing an unauthenticated attacker with local access to tamper with protected resources. Currently no patch is available and exploitation requires only local access with no special conditions or user interaction.
Windows
Windows Server 2022 23h2
Windows Server 2022
Windows 10 21h2
Windows Server 2019
-
CVE-2026-20803
HIGH
CVSS 7.2
Privilege escalation in SQL Server 2022 and 2025 stems from insufficient authentication controls on critical functions, enabling authenticated network attackers to gain elevated privileges. The vulnerability affects administrators and authenticated users with network access to affected SQL Server instances. No patch is currently available, and exploitation requires high privileges but no user interaction.
Mssql
Sql Server 2022
Sql Server 2025
-
CVE-2026-0891
HIGH
CVSS 8.1
Arbitrary code execution in Firefox and Thunderbird versions prior to 147/140.7 results from memory corruption vulnerabilities that could allow remote attackers to execute malicious code with no user interaction required. Multiple memory safety flaws across Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146, and Thunderbird 146 create conditions for potential exploitation, and no patch is currently available. The high CVSS score of 8.1 reflects the critical nature of achieving full system compromise through network-based attack vectors.
Memory Corruption
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0889
HIGH
CVSS 7.5
Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation.
Mozilla
Denial Of Service
Firefox
Thunderbird
Redhat
-
CVE-2026-0882
HIGH
CVSS 8.8
A use-after-free vulnerability in the IPC component of Firefox (versions below 147 and ESR versions below 115.32/140.7) and Thunderbird (versions below 147 and 140.7) enables remote code execution when users interact with malicious content. The flaw requires user interaction and network access, allowing attackers to achieve full system compromise with high integrity and confidentiality impact. No patch is currently available for this vulnerability.
Use After Free
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0880
HIGH
CVSS 8.8
Integer overflow in Firefox and Thunderbird's Graphics component enables sandbox escape, allowing remote attackers to execute arbitrary code with high privileges through a malicious webpage or content requiring user interaction. Affected versions include Firefox below 147, Firefox ESR below 115.32 and 140.7, and Thunderbird below 147 and 140.7. No patch is currently available.
Industrial
Integer Overflow
Thunderbird
Firefox
Redhat
-
CVE-2026-0878
HIGH
CVSS 8.0
Incorrect boundary condition validation in Firefox and Thunderbird's WebGL graphics component allows attackers to escape the sandbox and potentially execute arbitrary code through a crafted web page or malicious content. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, and requires user interaction to exploit. No patch is currently available.
Mozilla
Code Injection
Firefox
Thunderbird
Redhat
-
CVE-2026-0877
HIGH
CVSS 8.1
DOM security bypass in Firefox and Thunderbird allows remote attackers to circumvent protective mitigations through user interaction, affecting multiple versions across both products. An attacker can exploit this to achieve high-impact compromise of confidentiality and integrity without requiring authentication. Currently no patch is available for affected users.
Mozilla
Authentication Bypass
Thunderbird
Firefox
Redhat
-
CVE-2026-0859
HIGH
CVSS 7.8
Arbitrary PHP code execution in TYPO3 CMS versions 10.0.0 through 14.0.1 is possible through unsafe deserialization of mail spool files, allowing local attackers with write access to the spool directory to execute malicious code when the mailer:spool:send command is executed. Affected versions span multiple release lines including 10.x, 11.x, 12.x, 13.x, and 14.x, requiring immediate patching to prevent web server compromise.
Typo3
PHP
Deserialization
-
CVE-2026-0511
HIGH
CVSS 8.1
SAP Fiori App Intercompany Balance Reconciliation fails to enforce proper authorization controls, allowing authenticated users to escalate privileges and access or modify sensitive data they should not have permission to view. An attacker with valid credentials can exploit missing access checks to compromise the confidentiality and integrity of financial reconciliation data. No patch is currently available for this vulnerability.
Sap
Privilege Escalation
-
CVE-2026-0507
HIGH
CVSS 8.4
SAP Application Server for ABAP and NetWeaver RFCSDK contain an OS command injection vulnerability that allows authenticated administrators with adjacent network access to execute arbitrary system commands by uploading malicious content. Successful exploitation results in complete system compromise affecting confidentiality, integrity, and availability. No patch is currently available.
Sap
Command Injection
-
CVE-2026-0506
HIGH
CVSS 8.1
NetWeaver Application Server ABAP versions up to 700 are affected by missing authorization (CVSS 8.1).
Authentication Bypass
Netweaver Application Server Abap
-
CVE-2026-0492
HIGH
CVSS 8.8
HANA Database versions up to 2.00 are affected by missing authentication for a critical function (CVSS 8.8).
Sap
Privilege Escalation
Hana Database
-
CVE-2026-0408
HIGH
CVSS 8.0
NETGEAR WiFi extenders (Ex5000, Ex6110, Ex2800, Ex3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available.
Netgear
Path Traversal
Ex5000 Firmware
Ex6110 Firmware
Ex2800 Firmware
-
CVE-2026-0407
HIGH
CVSS 8.0
NETGEAR WiFi extenders (Ex3110, Ex6110, Ex5000, Ex2800) contain an authentication bypass vulnerability that allows network-adjacent attackers with WiFi access or physical Ethernet connectivity to gain unauthorized admin panel access. An attacker can exploit insufficient authentication validation to fully compromise the device's confidentiality, integrity, and availability. A patch is available for affected firmware versions.
Netgear
Ex3110 Firmware
Ex6110 Firmware
Ex5000 Firmware
Ex2800 Firmware
-
CVE-2026-0406
HIGH
CVSS 8.0
NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise including data interception and network manipulation. A patch is available.
Netgear
Command Injection
Xr1000v2 Firmware
-
CVE-2026-0405
HIGH
CVSS 7.8
Unauthenticated administrative access in NETGEAR Orbi routers (CBR750, NBR750, RBE370, RBE371) allows local network attackers to bypass authentication and gain full admin control of the web interface. This high-severity vulnerability (CVSS 7.8) impacts all users on networks connected to affected devices, enabling attackers to modify router settings, potentially compromising network security and connected devices. A patch is available.
Netgear
Authentication Bypass
Rbs750 Firmware
Rbe970 Firmware
Rbr850 Firmware
-
CVE-2026-0404
HIGH
CVSS 8.0
Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw.
Netgear
Command Injection
Rbs860 Firmware
Rbr850 Firmware
Rbse950 Firmware
-
CVE-2026-0403
HIGH
CVSS 8.0
NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions.
Netgear
Command Injection
Rbs850 Firmware
Rbe970 Firmware
Rbs750 Firmware
-
CVE-2026-0386
HIGH
CVSS 7.5
Windows Deployment Services contains improper access control that enables unauthenticated attackers on an adjacent network to execute arbitrary code with high privileges on affected Windows and Windows Server systems. The vulnerability affects multiple Windows versions including Server 2012, 2019, and 2022 variants, with no patch currently available. An adjacent network attacker requires only network proximity to exploit this vulnerability, making lateral movement within networked environments a significant risk.
Windows
Windows Server 2019
Windows Server 2022 23h2
Windows Server 2012
Windows Server 2022
-
CVE-2025-71101
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing
The hp_populate_*_elements_from_package() functions in the hp-bioscfg
driver contain out-of-bounds array access vulnerabilities.
Linux
Hp
Buffer Overflow
Information Disclosure
Linux Kernel
-
CVE-2025-71100
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc()
TID getting from ieee80211_get_tid() might be out of range of array size
of sta_entry->tids[], so check TID is less than MAX_TID_COUNT.
Linux
Buffer Overflow
Linux Kernel
Redhat
Suse
-
CVE-2025-71099
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping
metrics_lock.
Linux
Use After Free
Information Disclosure
Memory Corruption
Linux Kernel
-
CVE-2025-71093
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved:
e1000: fix OOB in e1000_tbi_should_accept()
In e1000_tbi_should_accept() we read the last byte of the frame via
'data[length - 1]' to evaluate the TBI workaround.
Linux
Information Disclosure
Buffer Overflow
Linux Kernel
Redhat
-
CVE-2025-71092
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats()
Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters
update") added three new counters and placed them after
BNXT_RE_OUT_OF_SEQ_ERR.
Linux
Buffer Overflow
Memory Corruption
Linux Kernel
Redhat
-
CVE-2025-71091
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
team: fix check for port enabled in team_queue_override_port_prio_changed()
There has been a syzkaller bug reported recently with the following
trace:
list_del corruption, ffff888058bea080->prev is LIST_POISON2 (dead000000000122)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:59!
Linux
Debian
Information Disclosure
Linux Kernel
Redhat
-
CVE-2025-71089
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
iommu: disable SVA when CONFIG_X86 is set
Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared
Virtual Addressing (SVA). [CVSS 7.8 HIGH]
Linux
Privilege Escalation
Redhat
Suse
-
CVE-2025-71086
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
net: rose: fix invalid array index in rose_kill_by_device()
rose_kill_by_device() collects sockets into a local array[] and then
iterates over them to disconnect sockets bound to a device being brought
down.
Linux
Buffer Overflow
Linux Kernel
Redhat
Suse
-
CVE-2025-71082
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: revert use of devm_kzalloc in btusb
This reverts commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in
btusb.c file"). In btusb_probe(), we use devm_kzalloc() to allocate the btusb data.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71078
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
powerpc/64s/slb: Fix SLB multihit issue during SLB preload
On systems using the hash MMU, there is a software SLB preload cache that
mirrors the entries loaded into the hardware SLB buffer.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71075
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
scsi: aic94xx: fix use-after-free in device removal path
The asd_pci_remove() function fails to synchronize with pending tasklets
before freeing the asd_ha structure, leading to a potential
use-after-free vulnerability.
Linux
Use After Free
Memory Corruption
Information Disclosure
Linux Kernel
-
CVE-2025-71073
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
Input: lkkbd - disable pending work before freeing device
lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work
handler lkkbd_reinit() dereferences the lkkbd structure and its
serio/input_dev fields.
Linux
Use After Free
Information Disclosure
Memory Corruption
Linux Kernel
-
CVE-2025-71071
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
iommu/mediatek: fix use-after-free on probe deferral
The driver is dropping the references taken to the larb devices during
probe after successful lookup as well as on errors.
Linux
Use After Free
Mediatek
Memory Corruption
Information Disclosure
-
CVE-2025-71068
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
svcrdma: bound check rq_pages index in inline path
svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without
verifying rc_curpage stays within the allocated page array.
Linux
Information Disclosure
Redhat
Suse
-
CVE-2025-71027
HIGH
CVSS 7.5
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax3 Firmware
Tenda
-
CVE-2025-71026
HIGH
CVSS 7.5
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax3 Firmware
Tenda
-
CVE-2025-71025
HIGH
CVSS 7.5
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax3 Firmware
Tenda
-
CVE-2025-71024
HIGH
CVSS 7.5
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax3 Firmware
Tenda
-
CVE-2025-71023
HIGH
CVSS 7.5
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax3 Firmware
Tenda
-
CVE-2025-70753
HIGH
CVSS 7.5
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1806 Firmware
Tenda
-
CVE-2025-68931
HIGH
CVSS 7.5
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH]
Jenkins
Jervis
-
CVE-2025-68817
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
Under high concurrency, a tree-connection object (tcon) is freed on
a disconnect path while another path still holds a reference and later
executes *_put()/write on it. [CVSS 7.8 HIGH]
Linux
Use After Free
Linux Kernel
Redhat
Suse
-
CVE-2025-68707
HIGH
CVSS 8.8
Tongyu Ax1800 Firmware versions up to 1.0.0 contain a vulnerability that allows attackers to achieve full compromise of the device (i (CVSS 8.8).
Authentication Bypass
Tongyu Ax1800 Firmware
-
CVE-2025-68704
HIGH
CVSS 7.5
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. [CVSS 7.5 HIGH]
Java
Jenkins
Jervis
-
CVE-2025-68703
HIGH
CVSS 7.5
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH]
Jenkins
Jervis
-
CVE-2025-68702
HIGH
CVSS 7.5
Jervis versions up to 2.2 are affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).
Jenkins
Jervis
-
CVE-2025-68701
HIGH
CVSS 7.5
Jervis versions up to 2.2 are affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).
Jenkins
Jervis
-
CVE-2025-68698
HIGH
CVSS 7.5
Jervis versions up to 2.2 are affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).
Jenkins
Jervis
-
CVE-2025-66698
HIGH
CVSS 8.6
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints. [CVSS 8.6 HIGH]
Authentication Bypass
Veda
-
CVE-2025-66177
HIGH
CVSS 8.8
There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]
Hikvision
Stack Overflow
-
CVE-2025-66176
HIGH
CVSS 8.8
There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]
Hikvision
Stack Overflow
Buffer Overflow
Ds K5671 Firmware
Ds K1t6qt F43 Firmware
-
CVE-2025-59922
HIGH
CVSS 7.2
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. [CVSS 7.2 HIGH]
Fortinet
SQLi
Forticlientems
-
CVE-2025-59022
HIGH
CVSS 8.1
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. [CVSS 8.1 HIGH]
Typo3
-
CVE-2025-58411
HIGH
CVSS 8.8
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. [CVSS 8.8 HIGH]
Use After Free
Ddk
-
CVE-2025-46685
HIGH
CVSS 7.5
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. [CVSS 7.5 HIGH]
Information Disclosure
Dell
Supportassist Os Recovery
-
CVE-2025-41717
HIGH
CVSS 8.8
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. [CVSS 8.8 HIGH]
Code Injection
-
CVE-2025-40944
HIGH
CVSS 7.5
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2025-40942
HIGH
CVSS 8.8
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. [CVSS 8.8 HIGH]
Privilege Escalation
Telecontrol Server Basic
-
CVE-2025-37186
HIGH
CVSS 7.8
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. [CVSS 7.8 HIGH]
Privilege Escalation
RCE
-
CVE-2025-37175
HIGH
CVSS 7.2
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]
File Upload
RCE
Arubaos
-
CVE-2025-37174
HIGH
CVSS 7.2
Arubaos contains a vulnerability that allows an authenticated malicious actor to create or modify arbitrary files and execute (CVSS 7.2).
RCE
Arubaos
-
CVE-2025-37173
HIGH
CVSS 7.2
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]
Code Injection
Arubaos
-
CVE-2025-37172
HIGH
CVSS 7.2
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. [CVSS 7.2 HIGH]
Command Injection
Arubaos
-
CVE-2025-37171
HIGH
CVSS 7.2
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. [CVSS 7.2 HIGH]
Command Injection
Arubaos
-
CVE-2025-37170
HIGH
CVSS 7.2
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. [CVSS 7.2 HIGH]
Command Injection
Arubaos
-
CVE-2025-37169
HIGH
CVSS 7.2
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. [CVSS 7.2 HIGH]
Stack Overflow
Arubaos
-
CVE-2025-37168
HIGH
CVSS 8.2
An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running the AOS-8 operating system. [CVSS 8.2 HIGH]
Path Traversal
Information Disclosure
Arubaos
-
CVE-2025-37166
HIGH
CVSS 7.5
A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2025-37165
HIGH
CVSS 7.5
The router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor is affected by information exposure (CVSS 7.5).
Hp
Information Disclosure
-
CVE-2025-36640
HIGH
CVSS 8.8
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. [CVSS 8.8 HIGH]
Windows
Privilege Escalation
-
CVE-2025-25652
HIGH
CVSS 7.5
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. [CVSS 7.5 HIGH]
Path Traversal
Archibus
-
CVE-2025-25249
HIGH
CVSS 8.1
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets. [CVSS 8.1 HIGH]
Fortinet
Fortigate
Buffer Overflow
Heap Overflow
Fortisase
-
CVE-2025-13774
HIGH
CVSS 8.8
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands. [CVSS 8.8 HIGH]
SQLi
Flowmon Anomaly Detection System
-
CVE-2025-13447
HIGH
CVSS 8.4
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters. [CVSS 8.4 HIGH]
RCE
Command Injection
Multi Tenant Hypervisor
Loadmaster
Moveit Waf
-
CVE-2025-13444
HIGH
CVSS 8.4
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters. [CVSS 8.4 HIGH]
RCE
Command Injection
Ecs Connection Manager
Moveit Waf
Connection Manager For Objectscale
-
CVE-2025-11669
HIGH
CVSS 8.1
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. [CVSS 8.1 HIGH]
Authentication Bypass
Manageengine Access Manager Plus
Manageengine Password Manager Pro
Manageengine Pam360
-
CVE-2025-10865
HIGH
CVSS 7.8
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused a scenario where the potential for use after free was present. [CVSS 7.8 HIGH]
Use After Free
Ddk
-
CVE-2023-54340
HIGH
CVSS 8.2
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. [CVSS 8.2 HIGH]
SQLi
-
CVE-2023-54338
HIGH
CVSS 8.4
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 8.4 HIGH]
RCE
-
CVE-2023-54336
HIGH
CVSS 8.4
servermedicontservice contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
Code Injection
-
CVE-2023-54333
HIGH
CVSS 8.2
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. [CVSS 8.2 HIGH]
SQLi
-
CVE-2023-54331
HIGH
CVSS 7.8
Outline versions up to - contain a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
RCE
Outline
-
CVE-2023-53984
HIGH
CVSS 8.4
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. [CVSS 8.4 HIGH]
RCE
-
CVE-2022-50939
HIGH
CVSS 7.2
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. [CVSS 7.2 HIGH]
PHP
Path Traversal
E107
-
CVE-2022-50938
HIGH
CVSS 8.4
CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. [CVSS 8.4 HIGH]
RCE
-
CVE-2022-50936
HIGH
CVSS 8.8
Wbce Cms versions up to 1.5.2 are affected by unrestricted upload of file with dangerous type (CVSS 8.8).
PHP
RCE
Wbce Cms
-
CVE-2022-50933
HIGH
CVSS 7.8
Cain & Abel versions up to 4.9.56 contain a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).
RCE
-
CVE-2022-50932
HIGH
CVSS 7.5
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. [CVSS 7.5 HIGH]
Path Traversal
Command Center Rx
-
CVE-2022-50931
HIGH
CVSS 7.8
Teamspeak versions up to 3.5.6 are affected by incorrect permission assignment for critical resource (CVSS 7.8).
Privilege Escalation
Teamspeak
-
CVE-2022-50930
HIGH
CVSS 8.4
TrapiServer service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
Code Injection
-
CVE-2022-50929
HIGH
CVSS 8.4
The ConnectifyService executable contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
RCE
-
CVE-2022-50928
HIGH
CVSS 7.8
Bluesoleilcs versions up to 5.4.277 contain a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Windows
Bluesoleilcs
-
CVE-2022-50924
HIGH
CVSS 8.4
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
RCE
-
CVE-2022-50923
HIGH
CVSS 7.8
Cobian Backup versions up to 0.9.93 contain a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).
RCE
Cobian Backup
-
CVE-2022-50921
HIGH
CVSS 7.8
Wow21 versions up to 5.0.1.9 contain a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
RCE
Wow21
-
CVE-2022-50920
HIGH
CVSS 8.4
SbieSvc Windows service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
Windows
-
CVE-2022-50918
HIGH
CVSS 8.4
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
RCE
-
CVE-2022-50917
HIGH
CVSS 7.8
Protonvpn versions up to 1.26.0 contain a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Wireguard
Protonvpn
-
CVE-2022-50916
HIGH
CVSS 7.2
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. [CVSS 7.2 HIGH]
PHP
E107
-
CVE-2022-50915
HIGH
CVSS 7.8
Ptpublisher versions up to 2.3.4 contain a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).
RCE
Ptpublisher
-
CVE-2022-50914
HIGH
CVSS 8.4
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges. [CVSS 8.4 HIGH]
Code Injection
-
CVE-2022-50913
HIGH
CVSS 8.4
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot. [CVSS 8.4 HIGH]
Information Disclosure
-
CVE-2022-50909
HIGH
CVSS 8.8
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. [CVSS 8.8 HIGH]
Golang
RCE
Command Injection
-
CVE-2022-50908
HIGH
CVSS 7.2
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation. [CVSS 7.2 HIGH]
XSS
-
CVE-2022-50907
HIGH
CVSS 7.2
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. [CVSS 7.2 HIGH]
PHP
RCE
E107
-
CVE-2022-50904
HIGH
CVSS 8.4
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
RCE
-
CVE-2022-50903
HIGH
CVSS 8.4
Mobiletrans versions up to 3.5.9 contain a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 8.4).
Information Disclosure
Mobiletrans
-
CVE-2022-50902
HIGH
CVSS 8.4
FSService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
Code Injection
-
CVE-2022-50901
HIGH
CVSS 8.4
Dr.Fone versions up to 11.4.9 contain a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
RCE
Dr.Fone
-
CVE-2022-50900
HIGH
CVSS 8.4
Dr.Fone versions up to 12.0.18 contain a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 8.4).
RCE
Dr.Fone
-
CVE-2022-50898
HIGH
CVSS 8.8
Nanocms versions up to 0.4 are affected by unrestricted upload of file with dangerous type (CVSS 8.8).
PHP
RCE
Nanocms
-
CVE-2022-50892
HIGH
CVSS 8.2
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. [CVSS 8.2 HIGH]
SQLi
Authentication Bypass
Wallpaper Admin
-
CVE-2022-50890
HIGH
CVSS 7.5
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. [CVSS 7.5 HIGH]
Path Traversal
Owlfiles
-
CVE-2022-50808
HIGH
CVSS 8.4
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. [CVSS 8.4 HIGH]
Privilege Escalation
RCE
-
CVE-2022-50806
HIGH
CVSS 7.2
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. [CVSS 7.2 HIGH]
PHP
4images
-
CVE-2022-50805
HIGH
CVSS 8.2
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. [CVSS 8.2 HIGH]
SQLi
-
CVE-2022-50693
HIGH
CVSS 8.4
Splashtop Software Updater Service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
RCE
-
CVE-2021-47751
HIGH
CVSS 7.5
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. [CVSS 7.5 HIGH]
PHP
Path Traversal
Rich Text Editor
-
CVE-2026-22809
MEDIUM
CVSS 4.4
Tarteaucitronjs versions up to 1.29.0 are affected by inefficient regular expression complexity (ReDoS) (CVSS 4.4).
Denial Of Service
Tarteaucitronjs
-
CVE-2026-22791
MEDIUM
CVSS 6.6
openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]
Linux
Buffer Overflow
Opencryptoki
Redhat
Suse
-
CVE-2026-21308
MEDIUM
CVSS 5.5
Out-of-bounds memory read in Substance 3D Designer 15.0.3 and earlier allows attackers to disclose sensitive information from application memory by tricking users into opening malicious files. The vulnerability requires local access and user interaction but carries no patch availability. This medium-severity flaw affects designers and creative professionals using vulnerable versions of the software.
Buffer Overflow
Information Disclosure
Substance 3d Designer
-
CVE-2026-21303
MEDIUM
CVSS 5.5
Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier allows disclosure of sensitive information from application memory. Exploitation requires a local user to open a specially crafted malicious file. No patch is currently available for this vulnerability.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2026-21302
MEDIUM
CVSS 5.5
Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier enables disclosure of sensitive data from process memory when a user opens a crafted file. The vulnerability requires user interaction to exploit but carries no availability or integrity impact. No patch is currently available for affected versions.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2026-21301
MEDIUM
CVSS 5.5
Substance 3D Modeler versions 1.22.4 and earlier contain a null pointer dereference vulnerability that causes application crashes when processing specially crafted files. An attacker can exploit this denial-of-service condition by tricking users into opening a malicious project file, requiring no special privileges but user interaction to trigger the crash.
Null Pointer Dereference
Substance 3d Modeler
-
CVE-2026-21300
MEDIUM
CVSS 5.5
Substance 3D Modeler versions 1.22.4 and earlier contain a null pointer dereference flaw that causes application crashes when a user opens a specially crafted file. This local denial-of-service vulnerability requires user interaction and currently lacks a security patch. The medium severity issue (CVSS 5.5) impacts availability but does not compromise confidentiality or integrity.
Null Pointer Dereference
Substance 3d Modeler
-
CVE-2026-21288
MEDIUM
CVSS 5.5
Adobe Illustrator versions 29.8.3 and 30.0 and earlier are vulnerable to a null pointer dereference that enables local denial-of-service attacks when users open crafted files. An attacker can crash the application by supplying a malicious file, disrupting workflow for targeted users. No patch is currently available for this vulnerability.
Adobe
Null Pointer Dereference
Denial Of Service
Illustrator
-
CVE-2026-21278
MEDIUM
CVSS 5.5
Memory disclosure in Adobe InDesign versions 21.0, 19.5.5 and earlier through out-of-bounds read allows attackers to access sensitive information from application memory when users open specially crafted malicious files. This vulnerability requires user interaction to exploit but requires no special privileges to trigger. No patch is currently available for affected versions.
Adobe
Indesign
-
CVE-2026-21265
MEDIUM
CVSS 6.4
Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. [CVSS 6.4 MEDIUM]
Microsoft
Windows
Windows 10 22h2
Windows 10 1607
Windows 11 25h2
-
CVE-2026-20962
MEDIUM
CVSS 4.4
Uninitialized memory in the Dynamic Root of Trust for Measurement (DRTM) component of Windows 11 25h2, Windows Server 2019, Windows 10 22h2, Windows 10 1809, and Windows 11 23h2 allows a high-privileged local attacker to read sensitive information from kernel memory. The vulnerability requires administrative or equivalent privileges to exploit and carries no patch availability. This issue is tracked under CWE-908 with a CVSS score of 4.4.
Information Disclosure
Windows 11 25h2
Windows Server 2019
Windows 10 22h2
Windows 10 1809
-
CVE-2026-20959
MEDIUM
CVSS 4.6
Stored XSS in Microsoft SharePoint Server enables authenticated users to inject malicious scripts that execute in other users' browsers, potentially leading to credential theft or session hijacking. The vulnerability requires user interaction and network access, but no patch is currently available, leaving organizations dependent on compensating controls or vendor updates.
Microsoft
XSS
Sharepoint Server
-
CVE-2026-20958
MEDIUM
CVSS 5.4
Microsoft SharePoint Server contains a server-side request forgery vulnerability that allows authenticated users to access sensitive information across the network. An attacker with valid credentials can exploit this flaw to disclose confidential data without requiring user interaction. No patch is currently available for this issue.
Microsoft
SSRF
Sharepoint Server
-
CVE-2026-20939
MEDIUM
CVSS 5.5
Windows File Explorer information disclosure affects Windows 10 and 11 systems, allowing local authenticated attackers to access sensitive data through improper access controls. The vulnerability requires valid user credentials and local system access, posing a risk in multi-user or shared computing environments where sensitive files may be exposed to other authorized users.
Windows
Windows Server 2022 23h2
Windows 11 24h2
Windows 10 21h2
Windows 10 1607
-
CVE-2026-20937
MEDIUM
CVSS 5.5
Windows File Explorer improperly restricts access to sensitive information, enabling authenticated local users to read confidential data without authorization. This vulnerability affects Windows 10 across multiple versions (1607, 1809, 21H2, 22H2) and requires valid user credentials and local system access to exploit. Currently, no patch is available to remediate this information disclosure issue.
Windows
Windows Server 2022
Windows 10 21h2
Windows 10 22h2
Windows 10 1607
-
CVE-2026-20936
MEDIUM
CVSS 4.3
Information disclosure in Windows NDIS allows a privileged local attacker with physical access to read sensitive kernel memory regions on Windows 10 and Windows 11 systems. The vulnerability requires both authentication and direct hardware interaction, limiting its practical exploitation to scenarios where an attacker has already compromised system access. No patch is currently available for affected Windows versions including 10 (21h2, 22h2) and 11 (25h2).
Windows
Windows 10 22h2
Windows 10 21h2
Windows 11 25h2
Windows Server 2012
-
CVE-2026-20935
MEDIUM
CVSS 6.2
Information disclosure in Windows VBS Enclave protection across Windows 11 versions (23h2, 24h2, 25h2) results from unsafe pointer handling that allows local attackers to read sensitive data without authentication. The vulnerability requires local access and carries medium severity with no available patch, making it a persistent risk for systems relying on virtualization-based security controls.
Windows
Windows 11 24h2
Windows 11 25h2
Windows 11 23h2
Microsoft
-
CVE-2026-20932
MEDIUM
CVSS 5.5
Windows File Explorer information disclosure allows local authenticated users to access sensitive data without authorization. This medium-severity vulnerability affects multiple Windows versions including Windows 11 (24h2 and 25h2), Windows 10 1809, and Windows Server 2019, but no patch is currently available.
Windows
Windows 11 24h2
Windows Server 2019
Windows 11 25h2
Windows 10 1809
-
CVE-2026-20927
MEDIUM
CVSS 5.3
A race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 24h2, and Windows Server 2022, allowing authenticated attackers to disrupt service availability through improper synchronization of shared resources. The vulnerability requires network access and specific conditions to trigger, and no patch is available at this time. Impact is limited to availability with no confidentiality or integrity compromise.
Windows
Race Condition
Windows Server 2022
Windows 11 24h2
Windows 10 21h2
-
CVE-2026-20925
MEDIUM
CVSS 6.5
Windows NTLM authentication across multiple Windows versions (10, Server 2008/2019) allows remote attackers to manipulate file name or path parameters without authentication, enabling network-based identity spoofing attacks. The vulnerability requires user interaction and has no available patch, affecting systems still running older Windows Server editions alongside current Windows 10 releases. An attacker could impersonate legitimate services or users to compromise trust in networked communications.
Windows
Windows 10 22h2
Windows Server 2008
Windows 10 1607
Windows Server 2019
-
CVE-2026-20876
MEDIUM
CVSS 6.7
Privilege escalation in Windows Virtualization-Based Security (VBS) Enclave affects Windows 11 and Windows Server 2022 through a heap-based buffer overflow in memory management. An authenticated local attacker with high privileges can exploit this vulnerability to gain unauthorized system-level access. No patch is currently available for this medium-severity vulnerability (CVSS 6.7).
Windows
Buffer Overflow
Heap Overflow
Windows Server 2022 23h2
Windows 11 25h2
-
CVE-2026-20872
MEDIUM
CVSS 6.5
Windows NTLM authentication is vulnerable to path manipulation attacks that enable network-based spoofing when users interact with malicious content, affecting Windows 10 22H2 and Windows Server editions 2008-2016. An unauthenticated attacker can exploit improper file name or path validation to impersonate legitimate systems or services, potentially redirecting authentication requests to attacker-controlled resources. No patch is currently available for this vulnerability.
Microsoft
Authentication Bypass
Windows
-
CVE-2026-20862
MEDIUM
CVSS 5.5
Windows Management Services on Windows 10, 11, and Server 2022 expose sensitive information through an information disclosure vulnerability that allows authenticated local users to read confidential data. An attacker with valid credentials can exploit this to access information they should not be authorized to view, though no remote exploitation or system modification is possible. No patch is currently available for affected systems.
Windows
Windows 11 23h2
Windows 10 22h2
Windows Server 2022 23h2
Windows 11 25h2
-
CVE-2026-20851
MEDIUM
CVSS 6.2
Information disclosure in Windows Capability Access Management Service (camsvc) enables local attackers to read sensitive data from memory without authentication on Windows 11 24h2, Windows 11 25h2, and Windows Server 2025. The out-of-bounds read vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this issue.
Buffer Overflow
Information Disclosure
Windows 11 24h2
Windows Server 2025
Windows 11 25h2
-
CVE-2026-20847
MEDIUM
CVSS 6.5
Windows Shell information disclosure in Windows 10, 11, and Server 2019/2022 permits authenticated network attackers to conduct spoofing attacks by accessing sensitive data. The vulnerability requires valid credentials and network access, with no active exploits currently documented. No patch is available at this time.
Windows
Windows 10 1607
Windows 11 23h2
Windows Server 2019
Windows Server 2022
-
CVE-2026-20839
MEDIUM
CVSS 5.5
Information disclosure in Windows Client-Side Caching Service allows authenticated local users to read sensitive data on affected systems including Windows 10, Windows 11, and Windows Server editions. An attacker with valid credentials can exploit improper access controls to access cached information without additional user interaction. No patch is currently available for this vulnerability.
Windows
Windows 10 21h2
Windows 11 25h2
Windows Server 2008
Windows Server 2025
-
CVE-2026-20838
MEDIUM
CVSS 5.5
Sensitive information disclosure in the Windows Kernel error message handling allows local authenticated users to read confidential data they shouldn't have access to. The vulnerability affects Windows and Windows Server 2022/2025 platforms and requires valid credentials to exploit, limiting its attack surface. No patch is currently available for this medium-severity issue.
Linux
Windows
Windows Server 2022
Windows Server 2025
Windows Server 2022 23h2
-
CVE-2026-20835
MEDIUM
CVSS 5.5
Information disclosure in Windows Capability Access Management Service (camsvc) allows authenticated local users to read out-of-bounds memory and access sensitive data on Windows 11 24h2, Windows 11 25h2, Windows Server 2022 23h2, and Windows Server 2025. The vulnerability requires valid user credentials and local system access, posing a risk to multi-user environments where privilege escalation chains could amplify the impact. No patch is currently available.
Buffer Overflow
Information Disclosure
Windows 11 24h2
Windows Server 2025
Windows Server 2022 23h2
-
CVE-2026-20834
MEDIUM
CVSS 4.6
Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.
Windows
Path Traversal
Windows Server 2016
Windows 10 21h2
Windows Server 2022 23h2
-
CVE-2026-20833
MEDIUM
CVSS 5.5
Windows Server 2008 versions up to - is affected by use of a broken or risky cryptographic algorithm (CVSS 5.5).
Windows
Windows Server 2022 23h2
Windows Server 2025
Windows Server 2008
Windows Server 2019
-
CVE-2026-20829
MEDIUM
CVSS 5.5
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]
Windows
Windows 10 21h2
Windows 10 22h2
Windows 11 23h2
Windows Server 2022 23h2
-
CVE-2026-20828
MEDIUM
CVSS 4.6
Windows Internet Connection Sharing (ICS) contains an out-of-bounds read vulnerability affecting Windows 7 through Windows 11 24H2 and Windows Server 2008-2019, enabling information disclosure through physical access to an affected system. An attacker with direct hardware access can exploit this flaw to read sensitive data from memory, though no patch is currently available. The attack requires physical presence and does not provide code execution or availability impact.
Windows
Windows Server 2019
Windows 11 24h2
Windows Server 2008
Windows Server 2016
-
CVE-2026-20827
MEDIUM
CVSS 5.5
Information disclosure in Windows Tablet UI (TWINUI) subsystem allows authenticated local users to read sensitive data on affected Windows 11 and Windows Server systems. An attacker with local access can exploit this to retrieve confidential information without requiring user interaction. No patch is currently available for this medium-severity vulnerability.
Windows
Windows 11 23h2
Windows Server 2016
Windows 11 24h2
Windows Server 2022
-
CVE-2026-20825
MEDIUM
CVSS 4.4
Improper access control in Windows Hyper-V enables privileged local users to read sensitive system information without authorization. The vulnerability affects Windows 10 (versions 21H2 and 22H2), Windows Server 2025, and Hyper-V implementations where an authenticated attacker with high privileges can bypass security controls to access confidential data. Currently no patch is available for this medium-severity issue.
Windows
Hyper V
Windows 10 21h2
Windows Server 2025
Windows 10 22h2
-
CVE-2026-20824
MEDIUM
CVSS 5.5
Windows Remote Assistance contains a protection mechanism bypass that allows local attackers to circumvent a security feature without user interaction, affecting Windows 11 24h2, Windows Server 2012, 2022, and 2025. The vulnerability requires local access and user interaction to exploit, with potential impact limited to information disclosure. No patch is currently available for this medium-severity issue.
Windows
Windows Server 2012
Windows Server 2025
Windows 11 24h2
Windows Server 2022 23h2
-
CVE-2026-20823
MEDIUM
CVSS 5.5
Information disclosure in Windows File Explorer enables local authenticated users to read sensitive data on affected Windows systems including Windows 10 and Windows Server 2025. An attacker with valid local credentials can exploit this vulnerability to access confidential information without requiring user interaction. No patch is currently available for this issue.
Windows
Windows Server 2025
Windows 10 22h2
Windows 10 21h2
Windows Server 2022
-
CVE-2026-20821
MEDIUM
CVSS 6.2
Windows RPC implementation leaks sensitive information to local attackers on Windows 10, Windows 11, and Windows Server 2022. An unauthenticated local attacker can exploit this information disclosure vulnerability without user interaction to access confidential data. No patch is currently available for this medium-severity vulnerability.
Windows
Windows 11 25h2
Windows 10 1809
Windows 10 21h2
Windows Server 2022
-
CVE-2026-20819
MEDIUM
CVSS 5.5
Improper pointer validation in Windows VBS Enclave allows authenticated local users to read sensitive information on Windows 11 systems across multiple versions. An attacker with local access and valid credentials can exploit this memory safety flaw to bypass enclave protections and disclose confidential data. No patch is currently available.
Windows
Windows 11 25h2
Windows 11 23h2
Windows 11 24h2
Microsoft
-
CVE-2026-20818
MEDIUM
CVSS 6.2
Windows Kernel inadvertently logs sensitive information to accessible log files, enabling local attackers to read confidential data on affected Windows and Linux systems. This information disclosure vulnerability requires no privileges or user interaction to exploit and impacts Windows Server 2016, 2022, and 2025 along with standard Windows installations. No patch is currently available for this medium-severity issue.
Linux
Windows
Windows Server 2016
Windows Server 2025
Windows Server 2022 23h2
-
CVE-2026-20812
MEDIUM
CVSS 6.5
Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.
Windows
Ldap
Windows 10 21h2
Windows 11 24h2
Windows Server 2022 23h2
-
CVE-2026-20805
MEDIUM
CVSS 5.5
Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system.
Windows
Windows 11 23h2
Windows Server 2022 23h2
Windows 10 1809
Windows 11 25h2
-
CVE-2026-0890
MEDIUM
CVSS 5.4
DOM spoofing in Mozilla Firefox and Thunderbird's copy, paste, and drag-and-drop functionality allows unauthenticated attackers to deceive users into performing unintended actions through crafted content. The vulnerability affects Firefox versions below 147 and ESR versions below 140.7, as well as Thunderbird versions below 147 and 140.7, requiring user interaction to exploit. No patch is currently available.
Mozilla
Authentication Bypass
Firefox
Thunderbird
Redhat
-
CVE-2026-0888
MEDIUM
CVSS 5.3
Firefox and Thunderbird versions before 147 contain an information disclosure vulnerability in their XML processing component that allows unauthenticated attackers to access sensitive data over the network with minimal attack complexity. The vulnerability requires no user interaction and affects the confidentiality of information without impacting system integrity or availability. No security patch is currently available.
Information Disclosure
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0887
MEDIUM
CVSS 4.3
The PDF Viewer component in Firefox and Thunderbird is vulnerable to clickjacking attacks that enable information disclosure through UI redressing techniques. Attackers can manipulate user interactions to trick victims into unintentionally revealing sensitive information, affecting Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7. No patch is currently available for this vulnerability.
Information Disclosure
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0886
MEDIUM
CVSS 5.3
Improper boundary validation in the Graphics component of Firefox, Firefox ESR, and Thunderbird allows unauthenticated remote attackers to cause limited information disclosure over the network without user interaction. Affected versions include Firefox before 147, Firefox ESR before 115.32 and 140.7, and Thunderbird before 147 and 140.7. No patch is currently available for this medium-severity vulnerability.
Industrial
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0885
MEDIUM
CVSS 6.5
Memory corruption in Firefox and Thunderbird's JavaScript garbage collection engine allows remote attackers to crash the application or potentially leak sensitive information without user interaction. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, with no patch currently available.
Use After Free
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0883
MEDIUM
CVSS 5.3
The Networking component in Firefox and Thunderbird discloses sensitive information to unauthenticated remote attackers over the network. Affected versions include Firefox below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7. No patch is currently available to remediate this vulnerability.
Information Disclosure
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-0716
MEDIUM
CVSS 4.8
Libsoup WebSocket implementations with unset maximum payload size limits are vulnerable to out-of-bounds memory reads during frame processing, potentially exposing sensitive data or causing application crashes. This vulnerability affects applications using non-default WebSocket configurations and requires no user interaction or authentication to exploit. No patch is currently available.
Denial Of Service
Redhat
Suse
-
CVE-2026-0684
MEDIUM
CVSS 4.3
CP Image Store with Slideshow (WordPress plugin) versions up to 1.1.9 are affected by incorrect authorization (CVSS 4.3).
WordPress
-
CVE-2026-0543
MEDIUM
CVSS 6.5
Kibana's Email Connector fails to properly validate email address parameters, allowing authenticated users with view-level privileges to trigger excessive resource allocation and crash the service. An attacker can exploit this input validation flaw by submitting a specially crafted email address to cause complete denial of service, requiring manual service restart to restore availability for all users. No patch is currently available.
Code Injection
Kibana
Redhat
-
CVE-2026-0531
MEDIUM
CVSS 6.5
Kibana Fleet is vulnerable to denial of service through uncontrolled resource allocation when processing specially crafted bulk retrieval requests, allowing authenticated users with viewer-level privileges to exhaust server memory and crash the application. An attacker can trigger redundant database operations that consume resources without limits, rendering the service unavailable to all users. No patch is currently available for this vulnerability.
Denial Of Service
Kibana
Redhat
-
CVE-2026-0530
MEDIUM
CVSS 6.5
Kibana Fleet fails to limit resource allocation when processing specially crafted requests, allowing authenticated attackers to trigger excessive CPU and memory consumption that degrades or completely disables the service. The vulnerability affects Kibana deployments where users have authentication access, and no patch is currently available to remediate the issue.
Denial Of Service
Kibana
Redhat
-
CVE-2026-0528
MEDIUM
CVSS 6.5
Denial of Service in Prometheus and Kibana metricsets can be triggered by sending specially crafted malformed payloads to Graphite, Zookeeper, or Prometheus data sources due to improper array index validation and input validation flaws. An unauthenticated attacker on the network can exploit this to crash monitoring services without user interaction. No patch is currently available.
Prometheus
Denial Of Service
Kibana
Suse
-
CVE-2026-0514
MEDIUM
CVSS 6.1
Reflected XSS in SAP Business Connector enables unauthenticated attackers to craft malicious links that redirect users to attacker-controlled sites, potentially compromising webclient confidentiality and integrity when victims click the link. The vulnerability requires user interaction and has no available patch, making client-side awareness critical for mitigation.
Sap
XSS
Business Connector
-
CVE-2026-0513
MEDIUM
CVSS 4.7
Supplier Relationship Management versions up to 700 are affected by URL redirection to an untrusted site (open redirect) (CVSS 4.7).
Sap
Open Redirect
Supplier Relationship Management
-
CVE-2026-0503
MEDIUM
CVSS 6.4
Missing authorization controls in SAP ECC and SAP S/4HANA EHS Management allow authenticated attackers to extract hardcoded credentials and bypass password authentication through parameter manipulation. Successful exploitation enables attackers to access, modify, or delete change pointer data within EHS objects, potentially compromising downstream systems with low impact to confidentiality and integrity. No patch is currently available.
Sap
-
CVE-2026-0499
MEDIUM
CVSS 6.1
Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated attackers to inject malicious scripts via URL parameters that execute in users' browsers. Successful exploitation can lead to session hijacking, portal content manipulation, and unauthorized user redirection, affecting confidentiality and integrity with no patch currently available.
Sap
-
CVE-2026-0497
MEDIUM
CVSS 4.3
SAP Product Designer Web UI in Business Server Pages permits authenticated users without administrative privileges to view non-sensitive information they should not access. This authorization bypass affects confidentiality but carries no risk to system integrity or availability. No patch is currently available to remediate this exposure.
Sap
-
CVE-2026-0496
MEDIUM
CVSS 6.6
SAP Fiori App Intercompany Balance Reconciliation contains an unrestricted file upload vulnerability that permits high-privileged attackers to upload malicious files, including scripts, due to insufficient file format validation. While the direct impact on confidentiality, integrity, and availability is limited, this flaw could enable attackers with administrative access to compromise application functionality or escalate their capabilities. No patch is currently available for this vulnerability.
Sap
-
CVE-2026-0495
MEDIUM
CVSS 5.1
SAP Fiori App Intercompany Balance Reconciliation contains an email redirection flaw that allows high-privileged attackers to redirect uploaded files to arbitrary email addresses, facilitating targeted phishing attacks. The vulnerability requires high privileges and user interaction, resulting in limited confidentiality, integrity, and availability impact. No patch is currently available for this medium-severity issue.
Sap
-
CVE-2026-0494
MEDIUM
CVSS 4.3
SAP Fiori App Intercompany Balance Reconciliation contains an information disclosure vulnerability that allows authenticated attackers to access restricted data under specific conditions. The vulnerability requires valid user credentials and network access but does not impact system integrity or availability. No patch is currently available.
Sap
-
CVE-2026-0493
MEDIUM
CVSS 4.3
SAP Fiori App Intercompany Balance Reconciliation is affected by cross-site request forgery (CSRF) (CVSS 4.3).
Sap
Industrial
CSRF
-
CVE-2025-71098
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ip6_gre: make ip6gre_header() robust
Over the years, syzbot found many ways to crash the kernel
in ip6gre_header() [1].
Linux
Denial Of Service
Null Pointer Dereference
Linux Kernel
Redhat
-
CVE-2025-71097
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Fix reference count leak when using error routes with nexthop objects
When a nexthop object is deleted, it is marked as dead and then
fib_table_flush() is called to flush all the routes that are using the
dead nexthop.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71096
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a
LS_NLA_TYPE_DGID attribute, it is invalid if it does not.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71095
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: fix the crash issue for zero copy XDP_TX action
There is a crash issue when running zero copy XDP_TX action, the crash
log is shown below.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2025-71094
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
net: usb: asix: validate PHY address before use
The ASIX driver reads the PHY address from the USB device via
asix_read_phy_addr().
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71090
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg()
nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites
fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71088
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fallback earlier on simult connection
Syzkaller reports a simult-connect race leading to inconsistent fallback
status:
The TCP subflow can process the simult-connect syn-ack packet after
transitioning to TCP_FIN1 state, bypassing the MPTCP fallback check,
as the sk_state_change() callback is not invoked for * -> FIN_WAIT1
transitions.
Linux
Debian
Authentication Bypass
Linux Kernel
Redhat
-
CVE-2025-71087
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
iavf: fix off-by-one issues in iavf_config_rss_reg()
There are off-by-one bugs when configuring RSS hash key and lookup
table, causing out-of-bounds reads to memory [1] and out-of-bounds
writes to device registers.
Linux
Debian
Buffer Overflow
Linux Kernel
Redhat
-
CVE-2025-71085
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
There exists a kernel oops caused by a BUG_ON(nhead < 0) at
net/core/skbuff.c:2232 in pskb_expand_head().
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71084
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cm: Fix leaking the multicast GID table reference
If the CM ID is destroyed while the CM event for multicast creating is
still queued the cancel_work_sync() will prevent the work from running
which also prevents destroying the ah_attr.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71083
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
drm/ttm: Avoid NULL pointer deref for evicted BOs
It is possible for a BO to exist that is not currently associated with a
resource, e.g. because it has been evicted.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71081
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ASoC: stm32: sai: fix OF node leak on probe
The reference taken to the sync provider OF node when probing the
platform device is currently only dropped if the set_sync() callback
fails during DAI probe.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71080
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT
On PREEMPT_RT kernels, after rt6_get_pcpu_route() returns NULL, the
current task can be preempted.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71079
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write
A deadlock can occur between nfc_unregister_device() and rfkill_fop_write()
due to lock ordering inversion between device_lock and rfkill_global_mutex.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71077
MEDIUM
CVSS 5.5
CVE-2025-71077 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71076
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Limit num_syncs to prevent oversized allocations
The OA open parameters did not validate num_syncs, allowing
userspace to pass arbitrarily large values, potentially
leading to excessive allocations.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71074
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved:
functionfs: fix the open/removal races
ffs_epfile_open() can race with removal, ending up with file->private_data
pointing to freed object.
Linux
Information Disclosure
Race Condition
Linux Kernel
Redhat
-
CVE-2025-71072
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
shmem: fix recovery on rename failures
maple_tree insertions can fail if we are seriously short on memory;
simple_offset_rename() does not recover well if it runs into that. The same goes for simple_offset_rename_exchange().
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-68949
MEDIUM
CVSS 5.3
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. [CVSS 5.3 MEDIUM]
Code Injection
N8n
-
CVE-2025-68947
MEDIUM
CVSS 4.7
NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes, by issuing crafted IOCTL requests to the driver. [CVSS 4.7 MEDIUM]
Windows
-
CVE-2025-68925
MEDIUM
CVSS 5.3
Jervis versions up to 2.2 are affected by improper verification of a cryptographic signature (CVSS 5.3).
Jenkins
Jervis
-
CVE-2025-68823
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ublk: fix deadlock when reading partition table
When one process (such as udev) opens ublk block device (e.g., to read
the partition table via bdev_open()), a deadlock[1] can occur:
1. bdev_open() grabs disk->open_mutex
2. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-68658
MEDIUM
CVSS 4.3
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 have a stored XSS vulnerability in the Configuration (Information) functionality. [CVSS 4.3 MEDIUM]
PHP
XSS
Open Source Point Of Sale
-
CVE-2025-65784
MEDIUM
CVSS 6.5
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request. [CVSS 6.5 MEDIUM]
SSRF
Hub
-
CVE-2025-59021
MEDIUM
CVSS 6.4
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. [CVSS 6.4 MEDIUM]
Typo3
-
CVE-2025-59020
MEDIUM
CVSS 6.5
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. [CVSS 6.5 MEDIUM]
Typo3
-
CVE-2025-58693
MEDIUM
CVSS 6.5
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests. [CVSS 6.5 MEDIUM]
Fortinet
Path Traversal
Fortivoice
-
CVE-2025-55462
MEDIUM
CVSS 6.5
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. [CVSS 6.5 MEDIUM]
Information Disclosure
Eramba
-
CVE-2025-46684
MEDIUM
CVSS 6.6
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. [CVSS 6.6 MEDIUM]
Information Disclosure
Dell
Supportassist Os Recovery
-
CVE-2025-37179
MEDIUM
CVSS 5.3
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]
Denial Of Service
Arubaos
-
CVE-2025-37178
MEDIUM
CVSS 5.3
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. [CVSS 5.3 MEDIUM]
Denial Of Service
Arubaos
-
CVE-2025-37177
MEDIUM
CVSS 6.5
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 6.5 MEDIUM]
Path Traversal
Information Disclosure
Arubaos
-
CVE-2025-37176
MEDIUM
CVSS 6.5
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. [CVSS 6.5 MEDIUM]
Command Injection
Arubaos
-
CVE-2025-15056
MEDIUM
CVSS 5.1
A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.
XSS
-
CVE-2025-14507
MEDIUM
CVSS 5.3
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. [CVSS 5.3 MEDIUM]
WordPress
Information Disclosure
PHP
-
CVE-2025-14001
MEDIUM
CVSS 5.4
The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. [CVSS 5.4 MEDIUM]
WordPress
PHP
-
CVE-2025-9435
MEDIUM
CVSS 5.5
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module [CVSS 5.5 MEDIUM]
Path Traversal
Manageengine Admanager Plus
-
CVE-2025-8090
MEDIUM
CVSS 6.2
Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel. [CVSS 6.2 MEDIUM]
Linux
Null Pointer Dereference
Denial Of Service
-
CVE-2024-54855
MEDIUM
CVSS 6.4
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts. [CVSS 6.4 MEDIUM]
Ssh
Vanilla Os Core Image
-
CVE-2023-54341
MEDIUM
CVSS 6.1
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. [CVSS 6.1 MEDIUM]
PHP
XSS
Webgrind
-
CVE-2023-54332
MEDIUM
CVSS 6.1
Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. [CVSS 6.1 MEDIUM]
XSS
Jetpack
-
CVE-2023-54328
MEDIUM
CVSS 6.5
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism. [CVSS 6.5 MEDIUM]
Buffer Overflow
Denial Of Service
Aimone Video Converter
-
CVE-2023-53985
MEDIUM
CVSS 6.1
Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. [CVSS 6.1 MEDIUM]
XSS
Zstore
-
CVE-2022-50937
MEDIUM
CVSS 6.1
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules. [CVSS 6.1 MEDIUM]
XSS
Ametys
-
CVE-2022-50927
MEDIUM
CVSS 6.2
Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. [CVSS 6.2 MEDIUM]
Privilege Escalation
-
CVE-2022-50906
MEDIUM
CVSS 4.8
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. [CVSS 4.8 MEDIUM]
XSS
E107
-
CVE-2022-50899
MEDIUM
CVSS 6.5
Geonetwork versions up to 4.2.0 are affected by improper restriction of XML external entity reference (CVSS 6.5).
XXE
Geonetwork
-
CVE-2022-50897
MEDIUM
CVSS 5.5
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications. [CVSS 5.5 MEDIUM]
Lfi
Mpdf
-
CVE-2022-50896
MEDIUM
CVSS 6.1
Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in the victim's browser context. [CVSS 6.1 MEDIUM]
PHP
XSS
-
CVE-2022-50894
MEDIUM
CVSS 6.5
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. [CVSS 6.5 MEDIUM]
PHP
SQLi
Wallpaper Admin
-
CVE-2022-50891
MEDIUM
CVSS 5.0
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. [CVSS 5.0 MEDIUM]
XSS
Owlfiles
-
CVE-2021-47750
MEDIUM
CVSS 6.1
YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. [CVSS 6.1 MEDIUM]
XSS
Youphptube
-
CVE-2021-47749
MEDIUM
CVSS 5.5
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. [CVSS 5.5 MEDIUM]
PHP
Lfi
Path Traversal
Youphptube
-
CVE-2020-36919
MEDIUM
CVSS 6.1
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in the victim's browser. [CVSS 6.1 MEDIUM]
PHP
XSS
Wpforms
-
CVE-2026-22814
None
@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or model. This affects @adonisjs/lucid through version 21.8.1 and 22.x pre-release versions prior to 22.0.0-next.6. ...
Code Injection
-
CVE-2026-22755
None
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek devices (Firmware modules) allows OS Command Injection. Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391, FE9180, FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371, IB9381, IB9387, IB9389, IB939, IP9165, IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330. This issue affects these models: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.
Command Injection
-
CVE-2026-0510
LOW
CVSS 3.0
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. [CVSS 3.0 LOW]
Java
-
CVE-2026-0504
LOW
CVSS 3.8
Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. [CVSS 3.8 LOW]
Sap
-
CVE-2025-71070
None
In the Linux kernel, the following vulnerability has been resolved:
ublk: clean up user copy references on ublk server exit
If a ublk server process releases a ublk char device file, any requests
dispatched to the ublk server but not yet completed will retain a ref
value of UBLK_REFCOUNT_INIT.
Linux
Linux Kernel
-
CVE-2025-71069
None
In the Linux kernel, the following vulnerability has been resolved:
f2fs: invalidate dentry cache on failed whiteout creation
F2FS can mount filesystems with corrupted directory depth values that
get runtime-clamped to MAX_DIR_HASH_DEPTH.
Linux
Linux Kernel
-
CVE-2025-71067
None
In the Linux kernel, the following vulnerability has been resolved:
ntfs: set dummy blocksize to read boot_block when mounting
When mounting, sb->s_blocksize is used to read the boot_block without
being defined or validated. Set a dummy blocksize before attempting to
read the boot_block.
Linux
Linux Kernel
-
CVE-2025-71066
None
In the Linux kernel, the following vulnerability has been resolved:
net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
zdi-disclosures@trendmicro.com says:
The vulnerability is a race condition between `ets_qdisc_dequeue` and
`ets_qdisc_change`.
Linux
Race Condition
Linux Kernel
-
CVE-2025-71065
None
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid potential deadlock
As Jiaming Zhang and syzbot reported, there is potential deadlock in
f2fs as below:
Chain exists of:
&sbi->cp_rwsem --> fs_reclaim --> sb_internal#2
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  rlock(sb_internal#2);
                               lock(fs_reclaim);
                               lock(sb_internal#2);
  rlock(&sbi->cp_rwsem);
*** DEADLOCK ***
The root cause is deadlock among four locks as below:
kswapd
- fs_reclaim --- Lock A
- shrink_one
- evict
- f2fs_evict_inode
- sb_start_intwrite --- Lock B
- iput
- evict
- f2fs_evict_inode
- sb_start_intwrite --- Lock B
- f2fs_truncate
- f2fs_truncate_blocks
- f2fs_do_truncate_blocks
- f2fs_lock_op --- Lock C
ioctl
- f2fs_ioc_commit_atomic_write
- f2fs_lock_op --- Lock C
- __f2fs_commit_atomic_write
- __replace_atomic_write_block
- f2fs_get_dnode_of_data
- __get_node_folio
- f2fs_check_nid_range
- f2fs_handle_error
- f2fs_record_errors
- f2fs_down_write --- Lock D
open
- do_open
- do_truncate
- security_inode_need_killpriv
- f2fs_getxattr
- lookup_all_xattrs
- f2fs_handle_error
- f2fs_record_errors
- f2fs_down_write --- Lock D
- f2fs_commit_super
- read_mapping_folio
- filemap_alloc_folio_noprof
- prepare_alloc_pages
- fs_reclaim_acquire --- Lock A
In order to a
---truncated---
Linux
Debian
Linux Kernel
-
CVE-2025-71064
None
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: using the num_tqps in the vf driver to apply for resources
Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp
is allocated using kinfo->num_tqps.
Linux
Linux Kernel
-
CVE-2025-68822
None
In the Linux kernel, the following vulnerability has been resolved:
Input: alps - fix use-after-free bugs caused by dev3_register_work
The dev3_register_work delayed work item is initialized within
alps_reconnect() and scheduled upon receipt of the first bare
PS/2 packet from an external PS/2 device connected to the ALPS
touchpad.
Linux
Use After Free
Race Condition
Linux Kernel
-
CVE-2025-68821
None
In the Linux kernel, the following vulnerability has been resolved:
fuse: fix readahead reclaim deadlock
Commit e26ee4efbc79 ("fuse: allocate ff->release_args only if release is
needed") skips allocating ff->release_args if the server does not
implement open.
Linux
Linux Kernel
-
CVE-2025-68820
None
In the Linux kernel, the following vulnerability has been resolved:
ext4: xattr: fix null pointer deref in ext4_raw_inode()
If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED),
iloc.bh will remain set to NULL.
Linux
Null Pointer Dereference
Linux Kernel
-
CVE-2025-68819
None
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
rlen value is a user-controlled value, but dtv5100_i2c_msg() does not
check the size of the rlen value.
Linux
Linux Kernel
-
CVE-2025-68818
None
In the Linux kernel, the following vulnerability has been resolved:
scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
-
CVE-2025-68816
None
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: fw_tracer, Validate format string parameters
Add validation for format string parameters in the firmware tracer to
prevent potential security vulnerabilities and crashes from malformed
format strings received from firmware.
Linux
Denial Of Service
Linux Kernel
-
CVE-2025-68815
None
In the Linux kernel, the following vulnerability has been resolved:
net/sched: ets: Remove drr class from the active list if it changes to strict
Whenever a user issues an ets qdisc change command, transforming a
drr class into a strict one, the ets code isn't checking whether that
class was in the active list and removing it.
Linux
Linux Kernel
-
CVE-2025-68814
None
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix filename leak in __io_openat_prep()
__io_openat_prep() allocates a struct filename using getname().
Linux
Linux Kernel
-
CVE-2025-68813
None
In the Linux kernel, the following vulnerability has been resolved:
ipvs: fix ipv4 null-ptr-deref in route error path
The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()
without ensuring skb->dev is set, leading to a NULL pointer dereference
in fib_compute_spec_dst() when ipv4_link_failure() attempts to send
ICMP destination unreachable messages.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
-
CVE-2025-68812
None
In the Linux kernel, the following vulnerability has been resolved:
media: iris: Add sanity check for stop streaming
Add sanity check in iris_vb2_stop_streaming. If inst->state is
already IRIS_INST_ERROR, we should skip the stream_off operation
because it would still send packets to the firmware.
Linux
Denial Of Service
Linux Kernel
-
CVE-2025-68811
None
In the Linux kernel, the following vulnerability has been resolved:
svcrdma: use rc_pageoff for memcpy byte offset
svc_rdma_copy_inline_range added rc_curpage (page index) to the page
base instead of the byte offset rc_pageoff. Use rc_pageoff so copies
land within the current page.
Linux
Linux Kernel
-
CVE-2025-68810
None
In the Linux kernel, the following vulnerability has been resolved:
KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot
Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was
initially created with a guest_memfd binding, as KVM doesn't support
toggling KVM_MEM_GUEST_MEMFD on existing memslots.
Linux
Use After Free
Linux Kernel
-
CVE-2025-68809
None
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: vfs: fix race on m_flags in vfs_cache
ksmbd maintains delete-on-close and pending-delete state in
ksmbd_inode->m_flags.
Linux
Industrial
Linux Kernel
-
CVE-2025-68808
None
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: initialize local pointers upon transfer of memory ownership
vidtv_channel_si_init() creates a temporary list (program, service, event)
and ownership of the memory itself is transferred to the PAT/SDT/EIT
tables through vidtv_psi_pat_program_assign(),
vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().
Linux
Use After Free
Linux Kernel
-
CVE-2025-68807
None
In the Linux kernel, the following vulnerability has been resolved:
block: fix race between wbt_enable_default and IO submission
When wbt_enable_default() is moved out of queue freezing in elevator_change(),
it can cause the wbt inflight counter to become negative (-1), leading to hung
tasks in the writeback path.
Linux
Linux Kernel
-
CVE-2025-68806
None
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix buffer validation by including null terminator size in EA length
The smb2_set_ea function, which handles Extended Attributes (EA),
was performing buffer validation checks that incorrectly omitted the size
of the null terminating character (+1 byte) for EA Name.
Linux
Linux Kernel
-
CVE-2025-68805
None
In the Linux kernel, the following vulnerability has been resolved:
fuse: fix io-uring list corruption for terminated non-committed requests
When a request is terminated before it has been committed, the request
is not removed from the queue's list.
Linux
Use After Free
Linux Kernel
-
CVE-2025-68804
None
In the Linux kernel, the following vulnerability has been resolved:
platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
After unbinding the driver, another kthread `cros_ec_console_log_work`
is still accessing the device, resulting in a UAF and crash.
Linux
Denial Of Service
Linux Kernel
-
CVE-2025-68803
None
In the Linux kernel, the following vulnerability has been resolved:
NFSD: NFSv4 file creation neglects setting ACL
An NFSv4 client that sets an ACL with a named principal during file
creation retrieves the ACL afterwards, and finds that it is only a
default ACL (based on the mode bits) and not the ACL that was
requested during file creation.
Linux
Linux Kernel
-
CVE-2025-68802
None
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Limit num_syncs to prevent oversized allocations
The exec and vm_bind ioctl allow userspace to specify an arbitrary
num_syncs value.
Linux
Dns
Linux Kernel
-
CVE-2025-68801
None
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_router: Fix neighbour use-after-free
We sometimes observe use-after-free when dereferencing a neighbour [1].
Linux
Use After Free
Linux Kernel
-
CVE-2025-68800
None
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
Cited commit added a dedicated mutex (instead of RTNL) to protect the
multicast route list, so that it will not change while the driver
periodically traverses it in order to update the kernel about multicast
route stats that were queried from the device.
Linux
Use After Free
Linux Kernel
-
CVE-2025-68799
None
In the Linux kernel, the following vulnerability has been resolved:
caif: fix integer underflow in cffrml_receive()
The cffrml_receive() function extracts a length field from the packet
header and, when FCS is disabled, subtracts 2 from this length without
validating that len >= 2.
Linux
Integer Overflow
Information Disclosure
Linux Kernel
-
CVE-2025-68798
None
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/amd: Check event before enable to avoid GPF
On AMD machines cpuc->events[idx] can become NULL in a subtle race
condition with NMI->throttle->x86_pmu_stop().
Linux
Linux Kernel
-
CVE-2025-68797
None
In the Linux kernel, the following vulnerability has been resolved:
char: applicom: fix NULL pointer dereference in ac_ioctl
Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid
RamIO pointer are skipped when cmd is 6.
Linux
Null Pointer Dereference
Linux Kernel
-
CVE-2025-68796
None
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid updating zero-sized extent in extent cache
As syzbot reported:
F2FS-fs (loop0): __update_extent_tree_range: extent len is zero, type: 0, extent [0, 0, 0], age [0, 0]
------------[ cut here ]------------
kernel BUG at fs/f2fs/extent_cache.c:678!
Linux
Debian
Linux Kernel
-
CVE-2025-68795
None
In the Linux kernel, the following vulnerability has been resolved:
ethtool: Avoid overflowing userspace buffer on stats query
The ethtool -S command operates across three ioctl calls:
ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and
ETHTOOL_GSTATS for the values.
Linux
Buffer Overflow
Linux Kernel
-
CVE-2025-68794
None
In the Linux kernel, the following vulnerability has been resolved:
iomap: adjust read range correctly for non-block-aligned positions
iomap_adjust_read_range() assumes that the position and length passed in
are block-aligned.
Linux
Linux Kernel
-
CVE-2025-68793
None
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix a job->pasid access race in gpu recovery
Avoid a possible UAF in GPU recovery due to a race between
the sched timeout callback and the tdr work queue.
Linux
Use After Free
Linux Kernel
-
CVE-2025-68792
None
In the Linux kernel, the following vulnerability has been resolved:
tpm2-sessions: Fix out of range indexing in name_size
'name_size' does not have any range checks, and it just directly indexes
with TPM_ALG_ID, which could lead to memory corruption at worst.
Linux
Memory Corruption
Linux Kernel
-
CVE-2025-68791
None
In the Linux kernel, the following vulnerability has been resolved:
fuse: missing copy_finish in fuse-over-io-uring argument copies
Fix a possible reference count leak of payload pages during
fuse argument copies. [Joanne: simplified error cleanup]
Linux
Linux Kernel
-
CVE-2025-68790
None
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix double unregister of HCA_PORTS component
Clear hca_devcom_comp in device's private data after unregistering it in
LAG teardown.
Linux
Industrial
Use After Free
Linux Kernel
-
CVE-2025-68789
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-68788
None
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: do not generate ACCESS/MODIFY events on child for special files
inotify/fanotify do not allow users with no read access to a file to
subscribe to events (e.g.
Linux
Linux Kernel
-
CVE-2025-68787
None
In the Linux kernel, the following vulnerability has been resolved:
netrom: Fix memory leak in nr_sendmsg()
syzbot reported a memory leak [1]. When function sock_alloc_send_skb() returns NULL in nr_output(), the
original skb is not freed, which was allocated in nr_sendmsg().
Linux
Linux Kernel
-
CVE-2025-68786
None
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: skip lock-range check on equal size to avoid size==0 underflow
When size equals the current i_size (including 0), the code used to call
check_lock_range(filp, i_size, size - 1, WRITE), which computes `size - 1`
and can underflow for size==0.
Linux
Linux Kernel
-
CVE-2025-68785
None
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix middle attribute validation in push_nsh() action
The push_nsh() action structure looks like this:
OVS_ACTION_ATTR_PUSH_NSH(OVS_KEY_ATTR_NSH(OVS_NSH_KEY_ATTR_BASE,...))
The outermost OVS_ACTION_ATTR_PUSH_NSH attribute is OK'ed by the
nla_for_each_nested() inside __ovs_nla_copy_actions().
Linux
Linux Kernel
-
CVE-2025-68784
None
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix a UAF problem in xattr repair
The xchk_setup_xattr_buf function can allocate a new value buffer, which
means that any reference to ab->value before the call could become a
dangling pointer.
Linux
Linux Kernel
-
CVE-2025-68783
None
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-mixer: us16x08: validate meter packet indices
get_meter_levels_from_urb() parses the 64-byte meter packets sent by
the device and fills the per-channel arrays meter_level[],
comp_level[] and master_level[] in struct snd_us16x08_meter_store.
Linux
Linux Kernel
-
CVE-2025-68782
None
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Reset t_task_cdb pointer in error case
If allocation of cmd->t_task_cdb fails, it remains NULL but is later
dereferenced in the 'err' path.
Linux
Linux Kernel
-
CVE-2025-68781
None
In the Linux kernel, the following vulnerability has been resolved:
usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
The delayed work item otg_event is initialized in fsl_otg_conf() and
scheduled under two conditions:
1.
Linux
Use After Free
Race Condition
Linux Kernel
-
CVE-2025-68780
None
In the Linux kernel, the following vulnerability has been resolved:
sched/deadline: only set free_cpus for online runqueues
Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus
to reflect rd->online") introduced the cpudl_set/clear_freecpu
functions to allow the cpu_dl::free_cpus mask to be manipulated
by the deadline scheduler class rq_on/offline callbacks so the
mask would also reflect this state.
Linux
Linux Kernel
-
CVE-2025-68779
None
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Avoid unregistering PSP twice
PSP is unregistered twice in:
_mlx5e_remove -> mlx5e_psp_unregister
mlx5e_nic_cleanup -> mlx5e_psp_unregister
This leads to a refcount underflow in some conditions:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
Linux
Use After Free
Linux Kernel
-
CVE-2025-68778
None
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't log conflicting inode if it's a dir moved in the current transaction
We can't log a conflicting inode if it's a directory and it was moved
from one parent directory to another parent directory in the current
transaction, as this can result in an attempt to have a directory with
two hard links during log replay, one for the old parent directory and
another for the new parent directory.
Linux
Linux Kernel
-
CVE-2025-68777
None
In the Linux kernel, the following vulnerability has been resolved:
Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
The current validation 'wire_order[i] > ARRAY_SIZE(config_pins)' allows
wire_order[i] to equal ARRAY_SIZE(config_pins), which causes out-of-bounds
access when used as index in 'config_pins[wire_order[i]]'.
Linux
Linux Kernel
-
CVE-2025-68776
None
In the Linux kernel, the following vulnerability has been resolved:
net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
prp_get_untagged_frame() calls __pskb_copy() to create frame->skb_std
but doesn't check if the allocation failed.
Linux
Debian
Null Pointer Dereference
Denial Of Service
Linux Kernel
-
CVE-2025-68775
None
In the Linux kernel, the following vulnerability has been resolved:
net/handshake: duplicate handshake cancellations leak socket
When a handshake request is cancelled it is removed from the
handshake_net->hn_requests list, but it is still present in the
handshake_rhashtbl until it is destroyed.
Linux
Linux Kernel
-
CVE-2025-68774
None
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
When sync() and link() are called concurrently, both threads may
enter hfs_bnode_find() without finding the node in the hash table
and proceed to create it.
Linux
Golang
Linux Kernel
-
CVE-2025-68773
None
In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-cpm: Check length parity before switching to 16 bit mode
Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers
with even size") failed to make sure that the size is really even
before switching to 16 bit mode.
Linux
Linux Kernel
-
CVE-2025-68772
None
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid updating compression context during writeback
Bai, Shuangpeng <sjb7183@psu.edu> reported a bug as below:
Oops: divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:f2fs_all_cluster_page_ready+0x106/0x550 fs/f2fs/compress.c:857
Call Trace:
<TASK>
f2fs_write_cache_pages fs/f2fs/data.c:3078 [inline]
__f2fs_write_data_pages fs/f2fs/data.c:3290 [inline]
f2fs_write_data_pages+0x1c19/0x3600 fs/f2fs/data.c:3317
do_writepages+0x38e/0x640 mm/page-writeback.c:2634
filemap_fdatawrite_wbc mm/filemap.c:386 [inline]
__filemap_fdatawrite_range mm/filemap.c:419 [inline]
file_write_and_wait_range+0x2ba/0x3e0 mm/filemap.c:794
f2fs_do_sync_file+0x6e6/0x1b00 fs/f2fs/file.c:294
generic_write_sync include/linux/fs.h:3043 [inline]
f2fs_file_write_iter+0x76e/0x2700 fs/f2fs/file.c:5259
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x7e9/0xe00 fs/read_write.c:686
ksys_write+0x19d/0x2d0 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf7/0x470 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The bug was triggered w/ below race condition:
fsync                                   setattr                 ioctl
- f2fs_do_sync_file
 - file_write_and_wait_range
  - f2fs_write_cache_pages
  : inode is non-compressed
  : cc.cluster_size =
    F2FS_I(inode)->i_cluster_size = 0
   - tag_pages_for_writeback
                                        - f2fs_setattr
                                         - truncate_setsize
                                         - f2fs_truncate
                                                                - f2fs_fileattr_set
                                                                 - f2fs_setflags_common
                                                                  - set_compress_context
                                                                  : F2FS_I(inode)->i_cluster_size = 4
                                                                  : set_inode_flag(inode, FI_COMPRESSED_FILE)
   - f2fs_compressed_file
   : return true
    - f2fs_all_cluster_page_ready
    : "pgidx % cc->cluster_size" trigger dividing 0 issue
Let's change as below to fix this issue:
- introduce a new atomic type variable .writeback in structure f2fs_inode_info
to track the number of threads which are calling f2fs_write_cache_pages().
Linux
Race Condition
Linux Kernel
-
CVE-2025-68771
None
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix kernel BUG in ocfs2_find_victim_chain
syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the
`cl_next_free_rec` field of the allocation chain list (next free slot in
the chain list) is 0, triggering the BUG_ON(!cl->cl_next_free_rec)
condition in ocfs2_find_victim_chain() and panicking the kernel.
Linux
Linux Kernel
-
CVE-2025-68770
None
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix XDP_TX path
For XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not
correct.
Linux
Linux Kernel
-
CVE-2025-68769
None
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix return value of f2fs_recover_fsync_data()
With below scripts, it will trigger panic in f2fs:
mkfs.f2fs -f /dev/vdd
mount /dev/vdd /mnt/f2fs
touch /mnt/f2fs/foo
sync
echo 111 >> /mnt/f2fs/foo
f2fs_io fsync /mnt/f2fs/foo
f2fs_io shutdown 2 /mnt/f2fs
umount /mnt/f2fs
mount -o ro,norecovery /dev/vdd /mnt/f2fs
or
mount -o ro,disable_roll_forward /dev/vdd /mnt/f2fs
F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
F2FS-fs (vdd): Mounted with checkpoint version = 7f5c361f
F2FS-fs (vdd): Stopped filesystem due to reason: 0
F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
Filesystem f2fs get_tree() didn't set fc->root, returned 1
------------[ cut here ]------------
kernel BUG at fs/super.c:1761!
Linux
Debian
Linux Kernel
-
CVE-2025-68768
None
In the Linux kernel, the following vulnerability has been resolved:
inet: frags: flush pending skbs in fqdir_pre_exit()
We have been seeing occasional deadlocks on pernet_ops_rwsem since
September in NIPA.
Linux
Denial Of Service
Linux Kernel
-
CVE-2025-68767
None
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: Verify inode mode when loading from disk
syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted.
Linux
macOS
Linux Kernel
-
CVE-2025-67685
LOW
CVSS 3.8
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests. [CVSS 3.8 LOW]
Fortinet
SSRF
-
CVE-2025-62182
None
Pega Customer Service Framework versions 8.7.0 up to 25.1.0 are affected by unrestricted upload of file with dangerous type.
File Upload
-
CVE-2025-58409
LOW
CVSS 3.5
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. [CVSS 3.5 LOW]
Linux
-
CVE-2025-9427
None
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS). This issue affects WordPress add on: 2025.7.1.
WordPress
XSS
PHP