Skip to main content
CVE-2026-41720 HIGH PATCH This Week

Authentication bypass in Spring LDAP's DirContextAuthenticationStrategy allows remote unauthenticated attackers to succeed at LDAP bind operations by supplying any non-empty username paired with an empty or null password, due to the framework failing to reject such anonymous-equivalent bind requests. Affected releases span Spring LDAP 2.4.0-2.4.4, 3.2.0-3.2.17, 3.3.0-3.3.7, and 4.0.0-4.0.3, putting Java applications that delegate authentication to these libraries at risk of impersonating arbitrary users. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Java Spring Ldap
NVD HeroDevs VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-46320 HIGH PATCH This Week

Denial-of-service via memory exhaustion in the Linux kernel's tap/vhost_net XDP path allows adjacent network attackers to leak kernel page-frag memory by sending malformed frames over a tap device. The bug in tap_get_user_xdp() fails to free pages allocated by vhost_net_build_xdp() on the error paths for undersized frames (<ETH_HLEN) and build_skb() allocation failures, with each rejected frame in a batch leaking one page-frag chunk. EPSS is 0.02% and no public exploit identified at time of analysis; not listed in CISA KEV.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-34181 HIGH PATCH This Week

Integrity-check bypass in OpenSSL 3.4.x, 3.5.x, 3.6.x, and 4.0.0 allows PKCS#12 files protected with PBMAC1 to be accepted even when secured by dangerously short HMAC keys, undermining the authentication of the keystore contents. Vendor patches are available in 3.4.6, 3.5.7, 3.6.3, and 4.0.1, and no public exploit identified at time of analysis; EPSS is 0.00% and the issue is not on the CISA KEV list.

Information Disclosure OpenSSL Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-46328 HIGH PATCH This Week

Local privilege/availability impact in the Linux kernel AppArmor subsystem stems from incomplete rlimit handling for POSIX CPU timers, where setting an rlimit through AppArmor policy did not propagate to the POSIX CPU timer machinery. A local low-privileged user operating under an AppArmor-confined profile can leverage the inconsistent limit enforcement to disrupt CPU-time accounting and cause high-impact availability effects on the system. No public exploit identified at time of analysis, and EPSS rates likelihood of exploitation at only 0.02% (7th percentile).

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24180 HIGH This Week

Heap-based buffer overflow in NVIDIA DALI enables local authenticated attackers to achieve code execution, data tampering, denial of service, or information disclosure when a victim user interacts with attacker-supplied input. The flaw affects the Data Loading Library used in GPU-accelerated deep learning data pipelines and carries a CVSS 3.1 score of 7.3 (High). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Heap Overflow RCE Information Disclosure Buffer Overflow +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24181 HIGH This Week

Local code execution and data tampering in NVIDIA DALI (Data Loading Library) is possible when a low-privileged user is tricked into processing attacker-controlled input through a component that performs improper index validation (CWE-129). The CVSS 7.3 vector (AV:L/AC:L/PR:L/UI:R) indicates local access, low privileges, and user interaction are required, with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Information Disclosure Nvidia RCE
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-2638 HIGH PATCH This Week

Local privilege escalation in X-VPN for macOS (website-distributed versions 77.0 through 77.5) allows a low-privileged local attacker to corrupt privileged files by abusing a race condition (TOCTOU) and symlink manipulation in the quarantine and restore workflow. Discovered and reported by Fluid Attacks, the issue is patched by the vendor; no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Apple Information Disclosure X Vpn Macos Website
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-9753 HIGH PATCH This Week

Memory disclosure and denial-of-service in MongoDB Server allows any authenticated user with aggregate command privileges to crash the database or read out-of-bounds memory by submitting a malformed binary diff through the $_internalApplyOplogUpdate aggregation pipeline stage. The flaw stems from inadequate validation of the binary diff document structure consumed by an internal oplog replay operator that is unexpectedly reachable from user-facing aggregation queries. No public exploit identified at time of analysis, but the low privilege bar and network attack vector make this a meaningful threat in multi-tenant or shared-credential MongoDB deployments.

Denial Of Service Mongodb Server
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-10727 HIGH This Week

Command injection in Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.9.0.1, 12.8.0.3, and 12.7.0.2 enables an authenticated administrator with high privileges to execute arbitrary OS commands as root on the underlying server. No public exploit identified at time of analysis, and the issue is not currently listed on the CISA KEV catalog, but Ivanti EPMM has a history of being a high-value target for nation-state actors which elevates real-world urgency. The high-privilege precondition limits opportunistic abuse but the root-level outcome makes this a credible privilege-escalation and lateral-movement vector.

Ivanti Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-47343 HIGH PATCH GHSA This Week

Authorization bypass in TYPO3 CMS allows non-privileged backend users with file mount access to perform write operations (move, delete, rename) on the root folders of their assigned file mounts, which were intended to be protected. The flaw affects TYPO3 versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2, with CVSS 4.0 score 7.2 (High). No public exploit identified at time of analysis.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-7556 HIGH This Week

Stored cross-site scripting in the FV Flowplayer Video Player WordPress plugin (versions through 7.5.49.7212) allows remote attackers to inject persistent JavaScript via the comment text field, which executes in any visitor's browser when the affected page is loaded. The flaw stems from insufficient input sanitization and output escaping in the comment-parsing routine and is reachable only when the non-default 'Parse Vimeo and YouTube links' (parse_comments) option is enabled and an administrator approves the malicious comment. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-47288 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Windows Kerberos implementation allows an authenticated attacker on an adjacent network segment to trigger an integer overflow and execute arbitrary code. The flaw is rated CVSS 7.1 (High) with high attack complexity and requires low-level privileges, and at the time of analysis there is no public exploit identified. Because Kerberos is a core authentication service in Windows domain environments, successful exploitation has direct implications for domain trust and identity security.

Microsoft Integer Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-45501 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting and server-side request forgery in Microsoft Exchange Server enables authenticated low-privilege network attackers to perform spoofing and exfiltrate sensitive information. Affected are Exchange Server 2016 CU23, 2019 CU14, 2019 CU15, and the Subscription Edition RTM release lines, all below their respective patched cumulative update builds. No public exploit identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, though Microsoft has released patches across all affected branches.

XSS Microsoft SSRF Exchange Server Exchange Server Subscription Edition
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-9750 HIGH PATCH This Week

MongoDB Server exposes an availability and data integrity risk allowing any low-privileged authenticated user to crash the mongod process or obtain incorrect query results by inserting specially crafted documents. The root cause - insufficient separation between user-controlled document fields and internal execution metadata (CWE-617: Reachable Assertion) - means the attack surface is the normal document write workflow, requiring no elevated roles. CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) is consistent with this profile: network-reachable, low complexity, low-privilege; no public exploit or CISA KEV listing has been identified at time of analysis.

Denial Of Service Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-9748 HIGH PATCH This Week

Remote denial-of-service in MongoDB Server allows an authenticated user to crash the mongod process by submitting an aggregation pipeline that places the $_internalConvertBucketIndexStats stage upstream of a $facet stage. The misuse of the internal PauseExecution signal trips a hard invariant assertion in TeeBuffer, terminating the database process. No public exploit identified at time of analysis, and the issue is tracked in MongoDB's internal tracker SERVER-123951.

Denial Of Service Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-45500 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft Exchange Server's web interface enables unauthenticated remote attackers to perform spoofing attacks against users of Exchange Server 2016, 2019, and Subscription Edition. The CVSS vector (PR:N/UI:R/S:C) indicates no attacker authentication is required, but a victim must interact with a crafted link, and the Changed Scope means injected scripts can cross browser security boundaries within the Exchange session. No public exploit has been identified at time of analysis, and vendor-released patches are available addressing all affected cumulative update branches.

XSS Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-33113 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint enables network-based spoofing attacks by injecting malicious scripts into web page output. The vulnerability (CWE-79) targets users of the SharePoint web interface and, when triggered via user interaction, allows an attacker to manipulate page content or impersonate legitimate UI elements - degrading both confidentiality and integrity. No public exploit or active exploitation has been identified at time of analysis, though the low-complexity network vector lowers the bar for opportunistic abuse.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-8045 HIGH CISA This Week

Server-side file disclosure in Schneider Electric EcoStruxure IT Data Center Expert v9.1.1 and prior allows authenticated users to read arbitrary files on the underlying host by submitting crafted XML payloads to SOAP service endpoints. The flaw stems from improper restriction of XML External Entity references (CWE-611) in the SOAP API. No public exploit identified at time of analysis, but CISA SSVC marks the issue as automatable with partial technical impact.

XXE Information Disclosure Ecostruxure It Data Center Expert
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-9752 HIGH PATCH This Week

Denial of service in MongoDB Server allows an authenticated user to crash the database process by issuing a geospatial query backed by a 2dsphere index where the indexed field holds a GeoJSON GeometryCollection containing a Polygon defined with a strict-winding CRS. The flaw is a CWE-476 null pointer dereference reached because the rejection guard for unsupported strict-winding polygons does not recurse into GeometryCollection members. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Denial Of Service Null Pointer Dereference Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-9743 HIGH PATCH This Week

Denial of service in MongoDB Server 8.0 allows authenticated users with aggregation pipeline privileges to crash the server process by issuing a specially crafted aggregation followed by a getMore command on the same cursor, triggering a null pointer dereference in the aggregation stage's _subPipeline field. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the low attack complexity and minimal privilege requirement make it a credible availability threat for multi-tenant or shared MongoDB deployments.

Denial Of Service Null Pointer Dereference Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-9749 HIGH PATCH This Week

Denial of service in MongoDB Server allows authenticated users to trigger an assertion failure by running aggregation pipelines that use the internal $exchange stage with key-range partitioning and order-preserving delivery. When a single key range fills its consumer buffer, the high watermark is not updated correctly, leading to a reachable assertion (CWE-617) and likely process termination. No public exploit identified at time of analysis.

Information Disclosure Microsoft Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-9747 HIGH PATCH This Week

Denial of service in MongoDB Server allows authenticated remote attackers to crash the database process by submitting aggregation pipelines that combine the internal fromRouter:true flag with runtimeConstants.userRoles. No public exploit identified at time of analysis, but the bug is tracked in MongoDB's public JIRA (SERVER-123918), which makes the trigger conditions discoverable. Impact is limited to availability (VA:H) with no data exposure or integrity compromise.

Denial Of Service Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-9746 HIGH PATCH This Week

Denial of service in MongoDB Server occurs when an authenticated user issues a $changeStreams aggregation combined with the internal $_requestReshardingResumeToken option and the exchange option, triggering a reachable invariant that crashes the mongod process. Any logged-in user with low privileges can repeatedly invoke the crash on default deployments, producing service-wide downtime. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the bug is vendor-confirmed via MongoDB Jira SERVER-124190.

Denial Of Service Microsoft Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-9754 HIGH PATCH This Week

Information disclosure in MongoDB Server allows authenticated users holding the read role to obtain small amounts of uninitialized stack memory by submitting specially-crafted filemd5 commands. The flaw stems from CWE-457 (Use of Uninitialized Variable) in the filemd5 command handler, and while no public exploit has been identified at time of analysis, the low attack complexity and network reachability make it a credible insider/credential-theft risk against MongoDB databases.

Information Disclosure MongoDB
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-49956 HIGH PATCH This Week

Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and transcript message content from other users' profiles by querying the sessions search endpoint, which fails to scope results to the caller's active profile. The flaw was reported by VulnCheck and a vendor patch is available; no public exploit identified at time of analysis, but the issue is trivial to trigger for any logged-in account.

Authentication Bypass Hermes Webui
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-46322 HIGH PATCH This Week

Memory leak in the Linux kernel's TUN driver (tun_xdp_one) allows a local attacker to exhaust host memory by repeatedly triggering build_skb() allocation failures, leaking one page-frag chunk per failed batch entry. The flaw affects the vhost_net XDP fast-path used by virtual machines and containers; with no public exploit identified at time of analysis and an EPSS score of 0.02% (5th percentile), real-world weaponization risk is low, but sustained leakage on busy virtualization hosts could degrade availability.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46321 HIGH PATCH This Week

Local denial-of-service in the Linux kernel's tun/vhost-net subsystem allows an unprivileged process with access to /dev/net/tun and /dev/vhost-net to leak page-frag chunks on every short frame (length minus virtio-net header below ETH_HLEN) submitted to tun_xdp_one(), eventually exhausting host memory and triggering an OOM panic. The flaw is a missing put_page() on the -EINVAL error path that tun_sendmsg() then masks by reporting success to vhost_tx_batch(). EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the bug is upstream-confirmed with patches in stable trees.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-9741 HIGH PATCH This Week

Sensitive information disclosure in MongoDB Server affects deployments using Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) when issuing $vectorSearch aggregation queries. Due to a flaw in client-side query analysis, literal values intended for encrypted fields inside $vectorSearch filter expressions are transmitted to the server as plaintext instead of ciphertext, defeating the confidentiality guarantee of client-side encryption. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-49742 HIGH PATCH GHSA This Week

Information disclosure in TYPO3 CMS allows authenticated backend users with file download permissions to retrieve arbitrary files from the server's document root via the Media Module's File Abstraction Layer (FAL) fallback storage. Affected branches span versions 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2, with no public exploit identified at time of analysis. The flaw exposes sensitive files such as logs, .htpasswd, and configuration material that would normally sit outside the managed file storage.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-44751 HIGH This Week

Privilege escalation in SAP NetWeaver Application Server ABAP allows authenticated low-privilege users to invoke a report generation command that overwrites data belonging to other users, breaking tenant-level data integrity. The flaw stems from missing authorization checks (CWE-862) and carries a CVSS 7.1 rating with high integrity impact; no public exploit identified at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-47648 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Storage allows an authorized low-privilege user to gain higher privileges through an untrusted search path weakness (CWE-426). The flaw requires existing local access and a successful race or environmental manipulation, reflected in the high attack complexity. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-47293 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Office Click-To-Run stems from a use-after-free condition (CWE-416) that lets an authorized low-privilege user elevate to higher privileges on the host. The flaw, reported by Microsoft's MSRC, carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting that exploitation requires local access, low privileges, and a successful race-window or memory-state condition. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption Denial Of Service 365 Apps +3
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45653 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-42984 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authorized low-privileged attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and Microsoft has released a patch via MSRC; no public exploit identified at time of analysis. Successful exploitation breaks the local Windows security boundary, enabling full host compromise from any authenticated session.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-42911 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM via a use-after-free condition. The flaw affects Microsoft Windows installations using the standard WinSock kernel driver and has a vendor-released patch available through Microsoft's security update guide. No public exploit has been identified at time of analysis, though afd.sys has historically been a frequent target for elevation-of-privilege exploitation.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45487 HIGH PATCH This Week

Local privilege escalation in the Windows Program Compatibility Assistant (PCA) Service affects supported Windows 10, Windows 11, and Windows Server 2022/2025 builds through a TOCTOU race condition (CWE-367). An authenticated local attacker who wins the race window can elevate from a standard user context to higher privileges with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and EPSS is very low (0.05%), but Microsoft has released patches across all affected branches.

Information Disclosure
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45647 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Defender for Endpoint for Mac (versions 101.0.0 through 101.26042.0010) allows an authenticated local attacker to win a time-of-check/time-of-use race and gain elevated privileges on the host. No public exploit identified at time of analysis, and EPSS is very low (0.05%), but SSVC rates technical impact as 'total' because successful exploitation yields full compromise of the endpoint security agent.

Information Disclosure Microsoft Defender For Endpoint
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45603 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45601 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45598 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.

Denial Of Service Microsoft Race Condition Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45597 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows UI Automation Manager (uiamanager.dll) enables authenticated low-privileged users to gain higher privileges by exploiting a race condition in concurrent resource access. The flaw was reported by Microsoft's own security team (secure@microsoft.com) and has no public exploit identified at time of analysis, though the CVSS 7.0 score reflects high impact on confidentiality, integrity, and availability once successfully triggered.

Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-45596 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated local user to gain SYSTEM-level rights by winning a race condition that leads to a use-after-free in kernel memory. The flaw affects Windows installations where afd.sys is loaded (effectively all desktop and server SKUs) and was reported by Microsoft Security Response Center; no public exploit identified at time of analysis and the vulnerability is not listed on the CISA KEV catalog.

Denial Of Service Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44818 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel can be achieved by an unauthenticated attacker who tricks a user into opening a malicious spreadsheet that triggers an integer underflow condition. The flaw carries a CVSS 7.0 rating reflecting high attack complexity and required user interaction, and no public exploit identified at time of analysis. There is a notable mismatch between the description (integer underflow) and the assigned CWE-362 (race condition), which warrants verification with Microsoft's advisory.

Authentication Bypass Microsoft Race Condition 365 Apps Excel +5
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-42912 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Telephony Service allows an authenticated low-privileged attacker to elevate to higher privileges by exploiting a race condition in concurrent access to a shared resource. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and no public exploit identified at time of analysis. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Information Disclosure Microsoft Race Condition
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-42836 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Function Discovery Service (fdwsd.dll) allows an authorized low-privileged attacker on the host to win a race condition and obtain elevated privileges. Reported by Microsoft (secure@microsoft.com) and tracked under MSRC's update guide, the issue carries a CVSS 7.0 score driven by high impact across confidentiality, integrity, and availability, though the high attack complexity reflects the timing window required. No public exploit identified at time of analysis and the flaw is not currently listed in CISA KEV.

Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-9213 MEDIUM PATCH This Month

Remote code execution affects NETGEAR gaming routers (XR1000, MR70, MS70, RAXE500) when an attacker holds an on-path man-in-the-middle position between the device and the internet. The CVSS 4.0 vector (AV:N/AC:H/AT:P/PR:N/UI:N) confirms no privileges are needed on the target device but requires both high attack complexity and a specific network prerequisite - the ability to intercept and tamper with upstream traffic. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Netgear Mr70 Ms70 Raxe500 +1
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-49955 MEDIUM PATCH This Month

Resource exhaustion in Hermes WebUI before v0.51.270 allows unauthenticated remote attackers to degrade service availability by abusing the WebAuthn passkey options endpoint without rate limiting or challenge lifecycle enforcement. Repeated POST requests to the authentication endpoint cause the server-side challenge store file to grow without bound, generating sustained CPU load and disk I/O pressure through continuous JSON file rewrites. No public exploit identified at time of analysis and not listed in CISA KEV; EPSS data was not available in provided intelligence. The fix is confirmed in the vendor-released v0.51.270.

Denial Of Service Hermes Webui
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-40808 MEDIUM CISA This Month

Unrestricted file upload via the DIGSI 5 engineering protocol in Siemens SIPROTEC 5 protective relays enables authenticated, high-privileged users on an adjacent network to upload malicious configuration files, causing denial of service or potentially achieving code execution on the affected device. All hardware variants (CP050/CP100/CP150/CP200/CP300) across more than 60 distinct SIPROTEC 5 model lines are affected, with no patched firmware version available. No public exploit identified at time of analysis, but the presence of RCE and DoS tags alongside a confirmed CWE-434 root cause makes this a meaningful operational technology (OT) risk in poorly segmented substation environments.

Denial Of Service File Upload RCE Siprotec 5 6Md84 Cp300 Siprotec 5 6Md85 Cp200 +59
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-45608 MEDIUM PATCH This Month

Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-9735 MEDIUM PATCH This Month

MongoDB Server leaks SASL authentication credentials into plaintext server logs when connection health metric logging is enabled, exposing database passwords to any local actor with log file read access. The flaw (CWE-532) affects all versions per the available CPE data and was self-disclosed by MongoDB, indicating a vendor-acknowledged issue without a confirmed patch version at time of analysis. A low-privileged local attacker who can read the MongoDB log directory can harvest credentials and authenticate directly to the database - no public exploit exists at time of analysis, and it is not listed in the CISA KEV catalog.

Information Disclosure Mongodb Server
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
Prev Page 9 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy