Skip to main content
CVE-2026-21218 HIGH PATCH This Week

.NET applications are vulnerable to spoofing attacks due to improper validation of a required security element, allowing unauthenticated remote attackers to forge or manipulate application data over the network. This vulnerability affects multiple .NET versions and currently has no available patch, exposing organizations to authentication bypass and data integrity risks. The attack requires no user interaction and can be exploited directly from the network.

.NET .Net
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-22453 HIGH This Week

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. [CVSS 7.5 HIGH]

Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2093 HIGH This Week

Unauthenticated attackers can exploit SQL injection in Flowring's Docpedia to execute arbitrary database queries and extract sensitive information without authentication. The vulnerability requires no user interaction and is remotely accessible over the network, presenting a critical risk to all deployments. No patch is currently available to remediate this issue.

SQLi
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21247 HIGH PATCH This Week

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. [CVSS 7.3 HIGH]

Windows Hyper-V Windows 11 24h2 Windows 10 22h2 Windows Server 2022 +10
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-21235 HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component via use-after-free memory corruption affects Windows Server 2019 and 2012, allowing authenticated local attackers to gain elevated system privileges with user interaction. The vulnerability poses a significant risk in industrial environments where Windows Server hosts critical infrastructure. No patch is currently available for this high-severity issue.

Microsoft Industrial Use After Free Windows Server 2019 Windows Server 2012 +7
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-21248 HIGH POC PATCH This Week

Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges on affected Windows and Windows Server systems. An attacker with local access and user-level permissions can trigger memory corruption through user interaction to compromise system integrity and confidentiality. This vulnerability affects Windows 10 1809, Windows Server 2025, and related Hyper-V implementations with no patch currently available.

Windows Hyper-V Buffer Overflow Heap Overflow Windows Server 2025 +12
NVD Exploit-DB VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-21244 HIGH POC PATCH This Week

Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges (CVSS 7.3). Exploitation requires user interaction and local system access, affecting Windows 10 1809 and Windows Server 2025. No patch is currently available.

Windows Hyper-V Buffer Overflow Heap Overflow Windows 10 1809 +12
NVD Exploit-DB VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-0508 HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 is affected by url redirection to untrusted site (open redirect) (CVSS 7.3).

SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-1866 HIGH This Week

The Name Directory WordPress plugin through version 1.32.0 contains a stored cross-site scripting vulnerability in its sanitization logic that allows unauthenticated attackers to inject malicious scripts through the public submission form. Attackers can exploit this by submitting content with double-encoded HTML entities that bypass security filters, and the injected scripts will execute when administrators or users view the affected pages if the submission is approved or auto-publish is enabled. This affects all installations of the vulnerable plugin versions with no patch currently available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-21743 HIGH This Week

FortiAuthenticator 6.3 through 6.6.6 allows read-only users to modify local user accounts by uploading files to an unprotected endpoint, bypassing authorization controls. This vulnerability requires high privileges to initiate but could enable unauthorized account modifications in affected deployments. No patch is currently available for this high-severity flaw.

Fortinet Fortiauthenticator
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-0845 HIGH This Week

Unauthorized option modification in WCFM - Frontend Manager for WooCommerce up to version 6.7.24 allows authenticated Shop Manager-level users to bypass capability checks and alter arbitrary WordPress settings. An attacker with these privileges can exploit this to change the default registration role to administrator and enable user registration, gaining full admin access to the site. No patch is currently available for this vulnerability.

WordPress Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-11142 HIGH This Week

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. [CVSS 7.1 HIGH]

RCE Axis Os
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-62676 HIGH This Week

Forticlient versions up to 7.4.4 is affected by improper link resolution before file access (CVSS 7.1).

Fortinet Windows Forticlient
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-21508 HIGH PATCH This Week

Windows Storage component contains an authentication bypass that enables authenticated local users to escalate privileges on Windows 10, Windows 11, and Windows Server 2016/2019 systems. An attacker with valid local credentials can exploit this vulnerability to gain elevated system access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.

Windows Windows 10 1809 Windows Server 2016 Windows 11 24h2 Windows 10 1607 +10
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21253 HIGH PATCH This Week

Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Denial Of Service Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21242 HIGH PATCH This Week

Windows Subsystem for Linux contains a use-after-free vulnerability that enables local privilege escalation for authenticated users. An attacker with valid local access could exploit this memory safety flaw to gain elevated system privileges on affected Windows Server 2022 systems.

Linux Windows Use After Free Windows Server 2022 Windows Server 2022 23h2 +7
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21237 HIGH PATCH This Week

Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.

Linux Windows Race Condition Windows 11 23h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21234 HIGH PATCH This Week

Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.

Windows Race Condition Windows Server 2022 Windows 11 25h2 Windows 10 21h2 +8
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21241 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock in Windows 11 23h2 and Windows Server 2022 23h2 contains a use-after-free vulnerability that allows authenticated local users to achieve privilege escalation. An attacker with local access and valid credentials can trigger the memory safety flaw to gain elevated system privileges. No patch is currently available for this HIGH severity vulnerability.

Windows Use After Free Windows Server 2022 23h2 Windows 11 23h2 Windows Server 2022 +4
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-15569 HIGH This Week

A flaw has been found in Artifex MuPDF versions up to 1.26.1 is affected by untrusted search path (CVSS 7.0).

Windows
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-35998 HIGH This Week

Privilege escalation in Intel QuickAssist Technology (QAT) on certain Intel platforms allows a system-software adversary already holding privileged (Ring 0 / kernel-level) access to read and corrupt kernel state via an unprotected alternate hardware interface. The flaw stems from a missing protection mechanism on a secondary hardware control path, yielding high confidentiality and integrity impact but no availability loss. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not listed in CISA KEV.

Privilege Escalation Intel
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy