Skip to main content
CVE-2026-20844 HIGH PATCH This Week

Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 10 21h2 Windows 10 1809 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-37173 HIGH This Week

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

Code Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37172 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37171 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37170 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37169 HIGH This Week

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. [CVSS 7.2 HIGH]

Stack Overflow Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37175 HIGH This Week

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

File Upload RCE Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37174 HIGH This Week

Arubaos contains a vulnerability that allows attackers to an authenticated malicious actor to create or modify arbitrary files and execute (CVSS 7.2).

RCE Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-20803 HIGH PATCH This Week

Privilege escalation in SQL Server 2022 and 2025 stems from insufficient authentication controls on critical functions, enabling authenticated network attackers to gain elevated privileges. The vulnerability affects administrators and authenticated users with network access to affected SQL Server instances. No patch is currently available, and exploitation requires high privileges but no user interaction.

MSSQL Sql Server 2022 Sql Server 2025
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-59922 HIGH This Week

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. [CVSS 7.2 HIGH]

Fortinet SQLi Forticlientems
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-71093 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround.

Linux Information Disclosure Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-71101 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.

Linux HP Buffer Overflow Information Disclosure Linux Kernel +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-21219 HIGH PATCH This Week

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]

Use After Free Windows Software Development Kit
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-20863 HIGH PATCH This Week

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Windows Windows 11 24h2 Windows Server 2022 Windows 11 25h2 Windows Server 2022 23h2 +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20842 HIGH PATCH This Week

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Windows Use After Free Windows Server 2022 23h2 Windows 11 25h2 Windows Server 2025 +6
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20836 HIGH PATCH This Week

Privilege escalation in the Graphics Kernel on Windows 11 and Linux systems results from improper synchronization of concurrent access to shared resources, allowing authenticated local attackers to gain elevated privileges. The vulnerability requires specific timing conditions to exploit but impacts multiple Windows versions and Linux distributions. No patch is currently available for this race condition vulnerability.

Linux Industrial Race Condition Windows 11 23h2 Windows 11 24h2 +11
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20814 HIGH PATCH This Week

Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.

Linux Industrial Race Condition Windows Server 2016 Windows 10 1607 +11
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20808 HIGH PATCH This Week

Privilege escalation in Windows Printer Association Object affects Windows 11 and Windows Server 2022/2025 through a race condition in shared resource access. An authenticated local attacker can exploit improper synchronization to gain elevated system privileges. No patch is currently available for this vulnerability.

Race Condition Windows Server 2025 Windows 11 25h2 Windows 11 24h2 Windows Server 2022 23h2 +1
NVD
CVSS 3.1
7.0
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy