Skip to main content
CVE-2026-22868 HIGH PATCH This Week

Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service to affected network participants. An unauthenticated attacker on the network can exploit this vulnerability without user interaction to force vulnerable nodes offline. A patch is available in version 1.16.8 and later.

Golang Denial Of Service Go Ethereum Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22862 HIGH PATCH This Week

Go Ethereum nodes can be remotely crashed by unauthenticated attackers sending specially crafted network messages, resulting in denial of service. This network-based attack requires no user interaction and affects Golang and Go Ethereum implementations prior to version 1.16.8. A patch is available to remediate this high-severity vulnerability.

Golang Denial Of Service Go Ethereum Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68931 HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-37166 HIGH This Week

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. [CVSS 7.5 HIGH]

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20965 HIGH PATCH This Week

Windows Admin Center fails to properly validate cryptographic signatures, enabling high-privileged users to bypass security controls and gain elevated system access on local machines. This vulnerability affects both Windows and Windows Admin Center installations and requires an authenticated attacker with administrative credentials to exploit. No patch is currently available for this issue.

Windows Windows Admin Center
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68701 HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68702 HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-46685 HIGH This Week

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. [CVSS 7.5 HIGH]

Information Disclosure Dell Supportassist Os Recovery
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68703 HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68698 HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21265 MEDIUM PATCH This Month

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. [CVSS 6.4 MEDIUM]

Microsoft Windows Windows 10 22h2 Windows 10 1607 Windows 11 25h2 +10
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2026-20853 HIGH PATCH This Week

Windows WalletService contains a race condition that permits local privilege escalation on Windows 10 and Windows 11 systems. An unauthenticated attacker with local access can exploit improper synchronization of shared resources to gain elevated privileges. No patch is currently available for this vulnerability.

Windows Race Condition Windows 11 23h2 Windows 11 25h2 Windows 10 22h2 +5
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-20844 HIGH PATCH This Week

Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 10 21h2 Windows 10 1809 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-37173 HIGH This Week

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

Code Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37172 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37171 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37170 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37169 HIGH This Week

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. [CVSS 7.2 HIGH]

Stack Overflow Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37175 HIGH This Week

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

File Upload RCE Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37174 HIGH This Week

Arubaos contains a vulnerability that allows attackers to an authenticated malicious actor to create or modify arbitrary files and execute (CVSS 7.2).

RCE Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-20803 HIGH PATCH This Week

Privilege escalation in SQL Server 2022 and 2025 stems from insufficient authentication controls on critical functions, enabling authenticated network attackers to gain elevated privileges. The vulnerability affects administrators and authenticated users with network access to affected SQL Server instances. No patch is currently available, and exploitation requires high privileges but no user interaction.

MSSQL Sql Server 2022 Sql Server 2025
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-59922 HIGH This Week

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. [CVSS 7.2 HIGH]

Fortinet SQLi Forticlientems
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-20851 MEDIUM PATCH This Month

Information disclosure in Windows Capability Access Management Service (camsvc) enables local attackers to read sensitive data from memory without authentication on Windows 11 24h2, Windows 11 25h2, and Windows Server 2025. The out-of-bounds read vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this issue.

Buffer Overflow Information Disclosure Windows 11 24h2 Windows Server 2025 Windows 11 25h2 +1
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-71093 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround.

Linux Information Disclosure Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-71101 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.

Linux HP Buffer Overflow Information Disclosure Linux Kernel +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-21219 HIGH PATCH This Week

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]

Use After Free Windows Software Development Kit
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-20863 HIGH PATCH This Week

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Windows Windows 11 24h2 Windows Server 2022 Windows 11 25h2 Windows Server 2022 23h2 +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20842 HIGH PATCH This Week

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Windows Use After Free Windows Server 2022 23h2 Windows 11 25h2 Windows Server 2025 +6
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20836 HIGH PATCH This Week

Privilege escalation in the Graphics Kernel on Windows 11 and Linux systems results from improper synchronization of concurrent access to shared resources, allowing authenticated local attackers to gain elevated privileges. The vulnerability requires specific timing conditions to exploit but impacts multiple Windows versions and Linux distributions. No patch is currently available for this race condition vulnerability.

Linux Industrial Race Condition Windows 11 23h2 Windows 11 24h2 +11
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20814 HIGH PATCH This Week

Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.

Linux Industrial Race Condition Windows Server 2016 Windows 10 1607 +11
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20808 HIGH PATCH This Week

Privilege escalation in Windows Printer Association Object affects Windows 11 and Windows Server 2022/2025 through a race condition in shared resource access. An authenticated local attacker can exploit improper synchronization to gain elevated system privileges. No patch is currently available for this vulnerability.

Race Condition Windows Server 2025 Windows 11 25h2 Windows 11 24h2 Windows Server 2022 23h2 +1
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20876 MEDIUM PATCH This Month

Privilege escalation in Windows Virtualization-Based Security (VBS) Enclave affects Windows 11 and Windows Server 2022 through a heap-based buffer overflow in memory management. An authenticated local attacker with high privileges can exploit this vulnerability to gain unauthorized system-level access. No patch is currently available for this medium-severity vulnerability (CVSS 6.7).

Windows Buffer Overflow Heap Overflow Windows Server 2022 23h2 Windows 11 25h2 +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-0496 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an unrestricted file upload vulnerability that permits high-privileged attackers to upload malicious files, including scripts, due to insufficient file format validation. While the direct impact on confidentiality, integrity, and availability is limited, this flaw could enable attackers with administrative access to compromise application functionality or escalate their capabilities. No patch is currently available for this vulnerability.

SAP
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-46684 MEDIUM This Month

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. [CVSS 6.6 MEDIUM]

Information Disclosure Dell Supportassist Os Recovery
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-58693 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. [CVSS 6.5 MEDIUM]

Fortinet Path Traversal Fortivoice
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-20925 MEDIUM PATCH This Month

Windows NTLM authentication across multiple Windows versions (10, Server 2008/2019) allows remote attackers to manipulate file name or path parameters without authentication, enabling network-based identity spoofing attacks. The vulnerability requires user interaction and has no available patch, affecting systems still running older Windows Server editions alongside current Windows 10 releases. An attacker could impersonate legitimate services or users to compromise trust in networked communications.

Windows Windows 10 22h2 Windows Server 2008 Windows 10 1607 Windows Server 2019 +11
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37177 MEDIUM This Month

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20872 MEDIUM PATCH This Month

Windows NTLM authentication is vulnerable to path manipulation attacks that enable network-based spoofing when users interact with malicious content, affecting Windows 10 22H2 and Windows Server editions 2008-2016. An unauthenticated attacker can exploit improper file name or path validation to impersonate legitimate systems or services, potentially redirecting authentication requests to attacker-controlled resources. No patch is currently available for this vulnerability.

Microsoft Authentication Bypass Windows
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20847 MEDIUM PATCH This Month

Windows Shell information disclosure in Windows 10, 11, and Server 2019/2022 permits authenticated network attackers to conduct spoofing attacks by accessing sensitive data. The vulnerability requires valid credentials and network access, with no active exploits currently documented. No patch is available at this time.

Windows Windows 10 1607 Windows 11 23h2 Windows Server 2019 Windows Server 2022 +11
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0543 MEDIUM This Month

Kibana's Email Connector fails to properly validate email address parameters, allowing authenticated users with view-level privileges to trigger excessive resource allocation and crash the service. An attacker can exploit this input validation flaw by submitting a specially crafted email address to cause complete denial of service, requiring manual service restart to restore availability for all users. No patch is currently available.

Code Injection Kibana Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37176 MEDIUM This Month

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. [CVSS 6.5 MEDIUM]

Command Injection Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20812 MEDIUM PATCH This Month

Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.

Windows LDAP Windows 10 21h2 Windows 11 24h2 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0531 MEDIUM This Month

Kibana Fleet is vulnerable to denial of service through uncontrolled resource allocation when processing specially crafted bulk retrieval requests, allowing authenticated users with viewer-level privileges to exhaust server memory and crash the application. An attacker can trigger redundant database operations that consume resources without limits, rendering the service unavailable to all users. No patch is currently available for this vulnerability.

Denial Of Service Kibana Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0530 MEDIUM This Month

Kibana Fleet fails to limit resource allocation when processing specially crafted requests, allowing authenticated attackers to trigger excessive CPU and memory consumption that degrades or completely disables the service. The vulnerability affects Kibana deployments where users have authentication access, and no patch is currently available to remediate the issue.

Denial Of Service Kibana Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0528 MEDIUM PATCH This Month

Denial of Service in Prometheus and Kibana metricsets can be triggered by sending specially crafted malformed payloads to Graphite, Zookeeper, or Prometheus data sources due to improper array index validation and input validation flaws. An unauthenticated attacker on the network can exploit this to crash monitoring services without user interaction. No patch is currently available.

Prometheus Denial Of Service Kibana Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20835 MEDIUM PATCH This Month

Information disclosure in Windows Capability Access Management Service (camsvc) allows authenticated local users to read out-of-bounds memory and access sensitive data on Windows 11 24h2, Windows 11 25h2, Windows Server 2022 23h2, and Windows Server 2025. The vulnerability requires valid user credentials and local system access, posing a risk to multi-user environments where privilege escalation chains could amplify the impact. No patch is currently available.

Buffer Overflow Information Disclosure Windows 11 24h2 Windows Server 2025 Windows Server 2022 23h2 +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20824 MEDIUM PATCH This Month

Windows Remote Assistance contains a protection mechanism bypass that allows local attackers to circumvent a security feature without user interaction, affecting Windows 11 24h2, Windows Server 2012, 2022, and 2025. The vulnerability requires local access and user interaction to exploit, with potential impact limited to information disclosure. No patch is currently available for this medium-severity issue.

Windows Windows Server 2012 Windows Server 2025 Windows 11 24h2 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-0885 MEDIUM PATCH This Month

Memory corruption in Firefox and Thunderbird's JavaScript garbage collection engine allows remote attackers to crash the application or potentially leak sensitive information without user interaction. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, with no patch currently available.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55462 MEDIUM This Month

A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. [CVSS 6.5 MEDIUM]

Information Disclosure Eramba Cors Misconfiguration
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59020 MEDIUM PATCH This Month

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. [CVSS 6.5 MEDIUM]

Typo3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 6 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy