Skip to main content
CVE-2026-21523 HIGH PATCH This Week

Authenticated users can exploit a race condition in GitHub Copilot and Visual Studio Code to execute arbitrary code remotely by manipulating file state between verification and use. This vulnerability affects users with network access to these development tools and requires user interaction to trigger. No patch is currently available to address this high-severity flaw.

Github Race Condition AI / ML Visual Studio Code
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-30513 HIGH This Week

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. [CVSS 7.9 HIGH]

Privilege Escalation Race Condition
NVD VulDB
CVSS 3.1
7.9
EPSS
0.0%
CVE-2026-20841 HIGH PATCH This Week

Local code execution in Windows Notepad stems from inadequate sanitization of command metacharacters, enabling authenticated users to execute arbitrary commands through specially crafted input. The vulnerability requires user interaction and local access, making it exploitable by attackers with limited system privileges. No patch is currently available.

Windows Command Injection Windows Notepad Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55018 MEDIUM CISA This Month

An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header [CVSS 5.8 MEDIUM]

Fortinet Request Smuggling Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-21349 HIGH This Week

Arbitrary code execution in Adobe Lightroom Desktop 15.1 and earlier via an out-of-bounds write vulnerability when users open malicious files. Local exploitation requires user interaction but executes with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Lightroom
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21352 HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG files. An attacker can achieve code execution with user privileges by tricking a victim into opening a specially crafted file. No patch is currently available for this vulnerability.

Buffer Overflow RCE Dng Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21346 HIGH This Week

Arbitrary code execution in Bridge 15.1.3, 16.0.1 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute commands with the privileges of the affected user, though exploitation requires social engineering to convince a victim to open a crafted file. No patch is currently available.

Buffer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21341 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local attackers to execute arbitrary code with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it practical to exploit through social engineering. No patch is currently available.

Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21353 HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 2410 and earlier stems from an integer overflow vulnerability that executes with user privileges when a victim opens a crafted file. The local attack vector requires user interaction but carries high impact across confidentiality, integrity, and availability with no patch currently available.

Integer Overflow Dng Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21347 HIGH This Week

Arbitrary code execution in Bridge versions 15.1.3, 16.0.1 and earlier results from an integer overflow vulnerability that executes with user privileges when a victim opens a malicious file. The flaw requires user interaction but carries a high severity rating with no available patch, leaving affected systems vulnerable to immediate compromise.

Integer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21345 HIGH This Week

Code execution in Substance 3D Stager 3.1.6 and earlier through a crafted file that triggers an out-of-bounds memory read during parsing. An attacker can exploit this vulnerability by tricking a user into opening a malicious file, achieving arbitrary code execution with the victim's privileges. No patch is currently available for this vulnerability.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21344 HIGH This Week

Substance 3D Stager 3.1.6 and earlier contains an out-of-bounds read vulnerability in file parsing that allows arbitrary code execution when a victim opens a malicious crafted file. The vulnerability affects local users and requires user interaction to exploit, making social engineering a viable attack vector. No patch is currently available for this high-severity flaw.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21343 HIGH This Week

Code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds read vulnerability in malformed file parsing that allows attackers to corrupt memory and execute arbitrary code within the user's context. The vulnerability requires user interaction, as victims must open a specially crafted file to trigger exploitation. No patch is currently available for this high-severity flaw.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21238 HIGH PATCH This Week

Privilege escalation in the Windows Ancillary Function Driver for WinSock affects Windows 11 and Windows Server 2022/2019, allowing authenticated local users to gain elevated system privileges. The vulnerability stems from improper access control mechanisms and currently lacks a patch. An authenticated attacker with local access can exploit this to achieve full system compromise.

Windows Windows 11 23h2 Windows Server 2022 23h2 Windows 11 25h2 Windows Server 2019 +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21251 HIGH PATCH This Week

Privilege escalation in Windows Cluster Client Failover exploits a use-after-free memory vulnerability, enabling authenticated local users to gain elevated system privileges. The flaw affects Windows Server 2016, 2019, and 2025 installations where an attacker with existing local access can trigger the vulnerability through the failover clustering component. No patch is currently available for this high-severity vulnerability.

Windows Use After Free Windows Server 2019 Windows Server 2025 Windows Server 2016 +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21250 HIGH POC PATCH This Week

Windows HTTP.sys contains an unsafe pointer dereference vulnerability that enables authenticated local attackers to escalate privileges on affected systems including Windows 11, Windows Server 2025, and related versions. An attacker with local user access can exploit this flaw to gain system-level privileges with high confidence in successful exploitation. No patch is currently available for this vulnerability.

Windows Windows Server 2025 Windows 11 24h2 Windows Server 2022 23h2 Windows 11 25h2 +1
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21245 HIGH PATCH This Week

Windows Kernel heap overflow in Windows 11 25h2 and Windows Server 2025 enables authenticated local attackers to achieve privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user privileges but no user interaction, making it a practical attack vector for lateral movement within systems. No patch is currently available, leaving affected systems exposed until remediation is released.

Linux Windows Buffer Overflow Heap Overflow Windows 11 25h2 +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21239 HIGH PATCH This Week

Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.

Linux Windows Buffer Overflow Heap Overflow Windows 10 21h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21236 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.

Windows Buffer Overflow Heap Overflow Windows 10 1607 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21232 HIGH PATCH This Week

Windows HTTP.sys contains an untrusted pointer dereference vulnerability that enables authenticated local users to escalate privileges on Windows 11 and Windows Server 2022/2025 systems. An attacker with valid credentials can exploit this flaw to gain elevated access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.

Windows Windows 11 25h2 Windows Server 2022 23h2 Windows 11 24h2 Windows Server 2025 +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21259 HIGH PATCH This Week

Privilege escalation in Microsoft Office Excel (including 365 Apps and Long Term Servicing Channel) via heap-based buffer overflow allows local attackers with user interaction to gain elevated system privileges. The vulnerability affects multiple Office product lines and currently lacks a security patch. With a CVSS score of 7.8, this poses a significant risk to organizations using affected Excel versions.

Microsoft Buffer Overflow Heap Overflow Office Long Term Servicing Channel 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21231 HIGH PATCH This Week

Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.

Linux Windows Race Condition Windows 10 21h2 Windows Server 2012 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21240 HIGH PATCH This Week

Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.

Windows Race Condition Windows 10 21h2 Windows 11 23h2 Windows Server 2025 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25506 HIGH PATCH This Week

Cryptographic key disclosure and credential forgery in MUNGE 0.5 through 0.5.17 lets a local user extract munged's MAC subkey from process memory and forge arbitrary credentials. By sending a crafted message with an oversized address-length field, an attacker triggers an out-of-bounds write that corrupts munged's internal state and leaks the key used to validate credentials, enabling impersonation of any user including root across every service that trusts MUNGE for authentication. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but MUNGE's role as a cluster trust anchor makes the impact severe wherever it is deployed.

Buffer Overflow Munge Debian Linux Memory Corruption
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21246 HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 24H2 and Windows 10 21H2 exploits a heap buffer overflow to allow authenticated local attackers to gain system-level access. The vulnerability requires local access and user interaction is not required, presenting a significant risk in multi-user environments. No patch is currently available.

Microsoft Industrial Buffer Overflow Heap Overflow Windows 11 24h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21325 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier results from an out-of-bounds read vulnerability triggered when parsing specially crafted files. An attacker can exploit this by tricking users into opening a malicious file, gaining execution privileges within the victim's user context. No patch is currently available for this vulnerability.

Buffer Overflow Information Disclosure After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21324 HIGH This Week

Code execution in Adobe After Effects 25.6 and earlier through out-of-bounds memory reads when processing malicious files. An attacker can exploit this vulnerability to execute arbitrary code with user privileges by tricking victims into opening a crafted file. No patch is currently available for this vulnerability.

Buffer Overflow Information Disclosure After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21322 HIGH This Week

Out-of-bounds memory reads in Adobe After Effects 25.6 and earlier enable arbitrary code execution when users open specially crafted files. An attacker can exploit this parsing vulnerability by delivering a malicious file that triggers a read past allocated buffer boundaries, executing code with the privileges of the affected user. No patch is currently available for this high-severity vulnerability that requires user interaction to exploit.

Buffer Overflow Information Disclosure After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21351 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free memory vulnerability requires user interaction to open a specially crafted file. An attacker can exploit this flaw to execute malicious code with the privileges of the affected user. No patch is currently available.

Use After Free After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21329 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier via a use-after-free memory vulnerability that executes with user privileges when opening a malicious file. The vulnerability requires user interaction but has no available patch, leaving affected systems at risk from social engineering attacks delivering weaponized project files.

Use After Free After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21326 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free memory vulnerability requires victims to open a malicious file. An attacker can execute commands with the privileges of the affected user without requiring special permissions. No patch is currently available for this high-severity vulnerability.

Use After Free After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21323 HIGH This Week

Arbitrary code execution in Adobe After Effects versions 25.6 and earlier through a use-after-free vulnerability that requires a user to open a malicious file. An attacker can execute arbitrary code with the privileges of the affected user by crafting a specially designed file. No patch is currently available.

Use After Free After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21320 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free flaw allows attackers to execute commands with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but poses high risk to creative professionals and design teams. No patch is currently available.

Use After Free After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21342 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds write vulnerability that executes with user privileges. An attacker can exploit this by crafting a malicious file that, when opened by a victim, triggers the memory corruption and executes arbitrary code. No patch is currently available, making user education about untrusted files critical for mitigation.

Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21335 HIGH This Week

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier via an out-of-bounds write vulnerability that triggers when users open a crafted malicious file. This local attack requires user interaction but executes with the privileges of the affected user, and no patch is currently available.

Buffer Overflow RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21334 HIGH This Week

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier through an out-of-bounds write vulnerability that requires a user to open a malicious file. An attacker can execute code with the privileges of the targeted user by crafting a specially designed file. No patch is currently available for this high-severity vulnerability.

Buffer Overflow RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21328 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write vulnerability when users open malicious files. This local attack requires user interaction but grants the attacker full execution privileges within the victim's session. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21327 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through out-of-bounds write vulnerability (CWE-787) when processing malicious files. An attacker can execute code with user privileges by convincing a victim to open a specially crafted file, with no patch currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21318 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write when processing malicious files. An attacker can achieve code execution with user privileges by tricking a victim into opening a crafted file. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21312 HIGH This Week

Arbitrary code execution in Adobe Audition 25.3 and earlier through a local out-of-bounds write vulnerability that requires victims to open a specially crafted file. The vulnerability impacts all users running affected versions and allows attackers to execute code with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Audition
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21357 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.

Adobe Buffer Overflow Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21330 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through type confusion allows attackers to execute malicious code with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but poses a significant risk to creative professionals and organizations using affected versions. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21321 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through an integer overflow vulnerability affecting file processing. An attacker can exploit this by crafting a malicious file that, when opened by a user, executes code with the privileges of the current user. No patch is currently available for this high-severity vulnerability.

Integer Overflow After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25655 HIGH This Week

Arbitrary code execution in Siemens SINEC NMS versions prior to V4.0 SP2 can be achieved when a low-privileged user modifies configuration files to load malicious DLLs, resulting in administrative privilege execution. This local vulnerability affects all current deployments and currently has no available patch. An authenticated attacker with local access can exploit this to gain full system compromise.

Privilege Escalation RCE Sinec Nms
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23715 HIGH This Week

Arbitrary code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds write flaw triggered by parsing malicious XDB files. Local attackers with user interaction can exploit this vulnerability to execute arbitrary code with the privileges of the affected application. No patch is currently available for this high-severity vulnerability.

Buffer Overflow Simcenter Nastran Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-15310 HIGH This Week

Endpoint Configuration Toolset Solution is affected by improper link resolution before file access (CVSS 7.8).

Privilege Escalation Endpoint Configuration Toolset Solution Patch Endpoint Tools
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22923 HIGH This Week

Nx versions prior to V2512 contain an insufficient input validation flaw in the PDF export functionality that permits local attackers to corrupt internal data structures and achieve arbitrary code execution. An attacker with local file system access can exploit this vulnerability to manipulate the export process and gain code execution privileges. No patch is currently available for this vulnerability.

Buffer Overflow RCE Nx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-11547 HIGH This Week

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. [CVSS 7.8 HIGH]

Privilege Escalation Camera Station Pro
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23720 HIGH This Week

Code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds read flaw triggered when parsing malicious NDB files. A local attacker with user interaction can exploit this vulnerability to execute arbitrary code with the privileges of the affected application. No patch is currently available for this vulnerability.

Buffer Overflow Information Disclosure Simcenter Nastran Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23719 HIGH This Week

Heap-based buffer overflow in Simcenter Femap and Nastran versions prior to V2512 allows local attackers to achieve arbitrary code execution by crafting malicious NDB files. The vulnerability requires user interaction to trigger and affects all current versions of both products. No patch is currently available, leaving affected systems at risk of privilege escalation and system compromise.

Buffer Overflow Heap Overflow Simcenter Femap Simcenter Nastran
NVD
CVSS 3.1
7.8
EPSS
0.0%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy