Skip to main content
CVE-2025-56361 HIGH This Week

Remote denial of service in the Matter SDK (connectedhomeip) versions 1.3 through 1.4 lets unauthenticated attackers crash smart-home devices by racing a Level Control MoveToLevel command against a conflicting write to the Pump Configuration and Control cluster's OperationMode attribute, tripping a reachable assertion (minLevel < currentLevel) in the server tick callback. The abort forces the device to restart or hang, disrupting any product built on the affected SDK. No public exploit identified at time of analysis, and the issue is tracked via project-chip GitHub issue #38619 with no vendor-released patch identified.

Denial Of Service Matter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-56365 HIGH This Week

Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a network attacker crash the device by sending an InvokeCommandRequest to a nonexistent endpoint/cluster (e.g. 0x34), which the interaction model treats as valid and then aborts on a VerifyOrDie assertion (SIGABRT). This is a reachable-assertion bug (CWE-617) with availability-only impact and no data compromise. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the issue was acknowledged upstream and fixed in PR #37207.

Denial Of Service Matter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-56364 HIGH This Week

Denial of service in the Matter SDK (connectedhomeip) before version 1.4.0 allows remote attackers to crash a Matter device or controller by sending a groupcast InvokeCommand message without an initialized destination group ID. The ExchangeManager reads the optional GroupId via GetDestinationGroupId().Value() without a HasValue() guard (CWE-457), triggering a SIGABRT abort. An upstream fix exists (commit 0360cc3, PR #36729), and no public exploit has been identified at time of analysis; this is a network-reachable, unauthenticated availability issue with no confidentiality or integrity impact.

Denial Of Service Matter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-54629 HIGH POC GHSA This Week

Local File Read in Anyquery's Server Mode lets unauthenticated network attackers exfiltrate arbitrary files (e.g. /etc/passwd, ~/.ssh/id_rsa) readable by the server process. When `anyquery server` is running and reachable, any client speaking the MySQL wire protocol can issue native SQLite CREATE VIRTUAL TABLE statements against built-in reader modules such as csv_reader or log_reader to point at restricted paths, with no authentication or credentials required (CVSS 3.1 base 7.5, C:H/I:N/A:N). A working proof-of-concept is published in the GHSA advisory, so publicly available exploit code exists; there is no CISA KEV listing or EPSS score in the provided data.

Hashicorp Path Traversal
NVD GitHub
CVSS 3.1
7.5
CVE-2026-44891 HIGH POC PATCH GHSA This Week

Denial of service in the Netty netty-codec-stomp module (versions 4.1.x up to 4.1.135.Final and 4.2.0.Alpha1 through 4.2.15.Final) allows a remote attacker to trigger an OutOfMemoryError and crash the JVM. The StompSubframeDecoder caps individual header line length via maxLineLength but never bounds the total header count or cumulative header size, so a single STOMP frame packed with thousands of short headers exhausts heap memory. Publicly available exploit code exists (a working client/server PoC is published in the GitHub Security Advisory), but there is no public evidence of active exploitation; EPSS/KEV signals are not present in the input.

Java Denial Of Service
NVD GitHub
CVSS 3.1
7.5
CVE-2026-47476 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to trigger uncontrolled resource consumption, exhausting server resources and rendering the model-serving endpoint unavailable. The flaw carries a CVSS 7.5 with a pure availability impact and no confidentiality or integrity effect; it was reported by NVIDIA, and there is no public exploit identified at time of analysis. No special access is required, but the concrete resource-exhaustion trigger is not detailed in the available data.

Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-50125 HIGH PATCH GHSA This Week

Unauthenticated remote denial of service in StacklokLabs MKP (Model Context Protocol for Kubernetes) server versions before 0.4.1 lets a single crafted `tools/call` request against the default `:8080` endpoint exhaust process memory. The `get_resource` tool accepts attacker-controlled `limitBytes`/`tailLines` values with no upper bound and streams the entire Kubernetes pod-log response into an in-memory `bytes.Buffer`, driving an OOM kill (dynamic reproduction grew RSS from 25.8 MB to 1,179.3 MB on one request). Publicly available exploit code exists in the GitHub Security Advisory; there is no public evidence of active exploitation.

Docker Kubernetes Denial Of Service Python
NVD GitHub
CVSS 3.1
7.5
CVE-2026-15637 HIGH PATCH This Week

Sensitive information disclosure in Devolutions Server 2026.1.x and 2026.2.x lets an authenticated low-privileged user read the private keys of SSH key and certificate PAM credentials belonging to other users. By supplying a credential identifier they should not have access to (an insecure direct object reference), the attacker retrieves secrets the PAM module is supposed to protect. No public exploit identified at time of analysis, and it is not on CISA KEV, but a vendor patch is available. Note: the supplied CVSS vector lists PR:N (unauthenticated) while the description explicitly requires an authenticated low-privileged user — treat this as an authenticated IDOR.

Authentication Bypass Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-50013 HIGH PATCH GHSA This Week

Denial of service in Hoverfly's Diff mode (versions ≤ 1.12.7) lets any client with proxy access crash the entire process by sending concurrent requests. The `AddDiff()` function writes to the shared `responsesDiff` map without a mutex, so simultaneous proxy requests - the normal case for a proxy - trigger Go's built-in concurrent-map detector, producing an unrecoverable `fatal error: concurrent map read and map write` that kills the process. Publicly available exploit code exists (a working POC is embedded in the GitHub advisory), though there is no public exploit identified as actively used in the wild and no KEV listing.

Apple Denial Of Service Race Condition
NVD GitHub
CVSS 3.1
7.5
CVE-2026-45693 HIGH GHSA This Week

Unauthenticated arbitrary file read in FacturaScripts (all versions through v2026.2) lets remote attackers retrieve protected documents by abusing the static file controllers Files.php and Myfiles.php, which authorize requests on the raw URL prefix rather than the resolved filesystem path. A request such as /Plugins/../MyFiles/Private/invoice.pdf passes the prefix allow-list yet resolves to a private file, leaking customer/supplier invoices, attachments, and .sql database backups. A detailed, reproducible exploit is publicly available in the GitHub Security Advisory; there is no vendor-released patch identified at time of analysis and no evidence of active exploitation.

Apache PHP Canonical Path Traversal RCE
NVD GitHub
CVSS 3.1
7.5
CVE-2026-58531 HIGH PATCH Exploit Likely This Week

Elevation of privilege in the Windows SMB implementation allows an authenticated network attacker to win a race condition and gain higher privileges on affected systems, spanning Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw is a concurrency defect (CWE-362) reported by Microsoft with a vendor patch already released; there is no public exploit identified at time of analysis. Note a data conflict: the description and CVSS impacts describe privilege elevation with full confidentiality/integrity/availability impact, while the intelligence tags also label it 'Information Disclosure' — the CVSS vector should be treated as authoritative.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-57089 HIGH PATCH This Week

Remote code execution in the Windows SMB Server network transport driver (srvnet.sys) lets an unauthenticated network attacker win a use-after-free race to run arbitrary code, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. Per its CVSS vector the flaw requires user interaction and high attack complexity, so exploitation is non-trivial rather than a trivial wormable hit. This was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-50685 HIGH PATCH This Week

Remote code execution in the Microsoft Windows DHCP Server role (Windows Server 2012 through 2025, plus Windows 10 1607/1809) arises from a double-free (CWE-415) condition that an authorized, network-adjacent attacker can trigger to run arbitrary code in the DHCP service context. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N) indicates a network-reachable but high-complexity attack requiring low-level privileges, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and no CISA KEV listing, so exploitation appears theoretical rather than active for now.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-50496 HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP handling allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose potentially sensitive data. The flaw affects a broad range of Windows Server (2012 through 2025) and Windows client builds where the NPS role/SNMP component is present. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC).

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2026-50505 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Message Queuing (MSMQ) service arises from a use-after-free (CWE-416) memory-corruption flaw that an authenticated attacker can trigger across a network to run arbitrary code in the service context. It affects a broad range of supported Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025 wherever the MSMQ component is enabled. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft rates it CVSS 7.5 and has released a fix.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-50500 HIGH PATCH This Week

Privilege escalation in the Windows Netlogon service allows an already-authenticated, low-privileged network attacker to elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025, including Server Core installations. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-50470 HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP component allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose sensitive process data. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and no public exploit has been identified at time of analysis (not listed in CISA KEV).

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50424 HIGH PATCH Exploit Unlikely This Week

Denial of service in the Windows Domain Controller role on Windows Server 2025 (including Server Core) and Windows 11 24H2/25H2/26H1 lets a remote, unauthenticated attacker crash or hang authentication services by triggering an untrusted pointer dereference over the network. Because the CVSS vector is PR:N/UI:N with A:H and no confidentiality or integrity impact, a single crafted network exchange can disrupt directory and logon services domain-wide without credentials. No public exploit identified at time of analysis, and it is not on CISA KEV; Microsoft has released a patch.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50463 HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50379 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an authorized attacker to win a race condition and gain higher privileges over a network. The CVSS 3.1 base score is 7.5 with full confidentiality, integrity, and availability impact, though the high attack complexity reflects the timing precision needed to exploit the flaw. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-50414 HIGH PATCH This Week

Elevation of privilege in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an already-authorized (PR:L) network attacker to win a race condition and gain higher privileges, with full confidentiality, integrity, and availability impact. Microsoft self-reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. High attack complexity (AC:H) reflects the timing precision needed to exploit the race reliably.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-50330 HIGH PATCH This Week

Denial-of-service (and possible privilege-elevation) heap-based buffer overflow in the Microsoft Windows Remote Desktop Client is reachable over the network, with Microsoft's CVSS vector recording only an availability impact (A:H) despite the description's 'elevate privileges' wording. A patch is available from Microsoft (MSRC update guide), the flaw was reported by Microsoft itself, and there is no public exploit identified at time of analysis. Affected platforms span the full supported Windows client and server line, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2026-49788 HIGH PATCH Exploit Unlikely This Week

Denial of service in the Windows HTTP/2 network stack allows a remote, unauthenticated attacker to exhaust server resources and render affected services unavailable across a broad range of Windows client and server releases (Windows 10/11 and Windows Server 2016 through 2025). Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The 7.5 CVSS reflects high availability impact with no confidentiality or integrity loss.

Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +10
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-49787 HIGH PATCH Exploit Unlikely This Week

Denial of service in Microsoft Windows HTTP.sys allows remote unauthenticated attackers to exhaust system resources and make affected hosts unresponsive over the network. The flaw stems from missing resource limits/throttling (CWE-770) in the kernel-mode HTTP protocol stack, affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available via MSRC.

Microsoft Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54983 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw affects AD FS as shipped across a broad range of Windows client and server builds (Windows 10/11 and Windows Server 2012 through 2025). Microsoft - the reporting party - has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-59198 HIGH PATCH This Week

Out-of-bounds heap read in Python Pillow's TGA RLE encoder (versions 5.2.0 through 12.2.x) lets adjacent process heap bytes leak into a generated TGA file when an application saves a mode '1' (1-bit) image using compression='tga_rle'. The flaw is an information-disclosure bug (CWE-125), fixed in 12.3.0, with no public exploit identified at time of analysis. The NVD CVSS of 7.5 (network vector) overstates practical reach because triggering the leak depends on the host application invoking this specific and unusual save path.

Python Buffer Overflow Information Disclosure Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-59205 HIGH PATCH This Week

Denial-of-service and controlled heap corruption in Python's Pillow imaging library (all versions prior to 12.3.0) occurs when ImageCms.ImageCmsTransform.apply() is invoked with an output image whose mode does not match the transform's declared output mode, causing an out-of-bounds write in the native color-management code. The pre-fix code only validated the output mode and never validated the input mode, so a mismatched buffer geometry lets the C-level transform write past allocation bounds. No public exploit has been identified at time of analysis; the fix is confirmed in release 12.3.0 via the vendor security advisory GHSA-9hw9-ch79-4vh6.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-59203 HIGH PATCH This Week

Denial of service in Python Pillow 12.0.0 through 12.2.0 lets a remote attacker hang an application by supplying a crafted EPS image whose %%BeginBinary directive declares a negative byte count, causing the EPS parser to seek backwards and re-parse the same directive forever. Any service that calls Image.open() on attacker-supplied EPS data is affected until upgraded to 12.3.0. No public exploit identified at time of analysis, though the upstream fix PR includes a test reproducer; the flaw is not listed in CISA KEV.

Python Denial Of Service Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-59199 HIGH PATCH This Week

Denial of service (and potential memory corruption) in Python Pillow before 12.3.0 arises when public image coordinate APIs - Image.paste(), Image.crop(), and Image.alpha_composite() - are handed box coordinates near the signed 32-bit integer boundary (±2**31), causing a native heap out-of-bounds write in the C imaging core. Any application that forwards untrusted coordinate values into these calls can be crashed, and the OOB write raises the theoretical prospect of heap corruption. No public exploit identified at time of analysis; the fix (integer-overflow-safe int64_t arithmetic) shipped in 12.3.0.

Python Buffer Overflow Integer Overflow Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12707 HIGH PATCH This Week

Denial of service in Cloudflare quiche (all versions before 0.29.3) allows a remote unauthenticated peer to exhaust server memory by triggering rapid post-handshake source address migration, causing unbounded queuing of PathEvent::ReusedSourceConnectionId entries in the internal PathEvents collection. Because the queue grows without limit whenever an application does not drain it via path_event_next(), an attacker can force high memory consumption and crash or degrade the server; notably, servers remain vulnerable even when active connection migration is disabled. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Quiche
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-48287 HIGH This Week

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

RCE C2Pa C2Pa Web C2Patool
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-47473 HIGH This Week

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Denial Of Service Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-49805 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated low-privileged user to elevate to SYSTEM through an improper access-control flaw. The issue affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.0
EPSS
2.1%
CVE-2026-4017 HIGH This Week

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.

Buffer Overflow Stack Overflow Information Disclosure Qnx Software Development Platform Qnx Os For Safety +1
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-50364 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Server Backup (WBADMIN component shipped with Windows 10 21H2/22H2 and Windows 11 24H2/25H2/26H1) lets an authorized, low-privileged user abuse a symbolic-link/junction race so that a backup operation acts on an attacker-chosen path, yielding SYSTEM-level access. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation requires local access plus user interaction, which lowers the realistic threat relative to the 7.3 base score.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2026-24229 HIGH This Week

Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.

Authentication Bypass Nvidia Denial Of Service Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-50482 HIGH PATCH Exploit Unlikely This Week

Local privilege-level code execution in the Windows NTFS file-system driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. A heap-based buffer overflow (CWE-122) lets an authorized local attacker who can induce a user to interact with a crafted file or volume execute arbitrary code in the security context of the kernel-mode NTFS component. There is no public exploit identified at time of analysis and it is not in CISA KEV, but Microsoft has released a patch and the flaw carries full high confidentiality, integrity, and availability impact.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-49790 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Windows Universal Disk Format File System driver (UDFS.sys) lets a low-privileged local user gain elevated (kernel/SYSTEM) rights after the victim mounts or opens a maliciously crafted UDF volume. The flaw stems from an integer arithmetic error (CWE-191) in the driver that parses UDF-formatted media such as ISO images, optical discs, and virtual disk files, and affects a broad range of Windows client and server releases from Windows Server 2012 and Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. Microsoft reported the issue and has shipped a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-49789 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows NTFS driver allows an already-authenticated, low-privileged user to gain elevated (likely SYSTEM) privileges by triggering a stack-based buffer overflow, contingent on user interaction. The flaw spans a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has issued a patch and reported the issue itself; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-9128 HIGH This Week

Local arbitrary code execution in Rockwell Automation Studio 5000 Logix Designer arises because the External Tools configuration stores executable paths that contain spaces without quoting (CWE-428). A low-privileged local user who can write a malicious binary into an earlier segment of the resolved search path can have Windows execute it in place of the intended tool, running code with the privileges of the operator using the application. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 score is 7.3 (High), tempered by local access, high attack complexity, a present attack requirement, and required active user interaction.

RCE Studio 5000 Logix Designer
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-9127 HIGH This Week

Local authenticated code execution in Rockwell Automation Studio 5000 Logix Designer allows any low-privileged authenticated user to tamper with the incorrectly-protected external-tools configuration file (CWE-863) and redirect a configured tool path to a malicious executable. Because the payload runs when a different user later invokes the external tools feature, this is effectively a privilege-crossing RCE against the engineering workstation. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; exploitation is gated by high attack complexity, a specific attack requirement, and required victim interaction (CVSS 4.0 base 7.3).

Authentication Bypass RCE Studio 5000 Logix Designer
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-58529 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Active Directory Federation Services (AD FS) lets an authenticated, network-based attacker read memory outside intended bounds and leak sensitive data, per Microsoft's own report of the flaw (tracked in MSRC as CVE-2026-58529). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N, C:H) indicates low-privilege remote exploitation with high confidentiality impact; there is no public exploit identified at time of analysis and it is not on CISA KEV. A vendor patch is available. Note a data discrepancy: the flaw is described as AD FS (a server role) yet the only CPE lists the Windows 11 version 26H1 client - verify affected platforms with Microsoft.

Buffer Overflow Information Disclosure Windows 11 Version 26H1
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2026-47992 HIGH This Week

SQL injection in Adobe Commerce, Adobe Commerce B2B, Magento Open Source, and the Adobe Commerce Webhooks Plugin allows a high-privileged authenticated attacker to inject malicious SQL that can escalate to arbitrary code execution in the context of the current user, enabling account/session takeover. The flaw (CWE-89) is network-reachable and requires no user interaction, but demands existing high privileges per the CVSS PR:H metric. No public exploit is identified at time of analysis and it is not listed in CISA KEV; EPSS was not provided.

SQLi RCE Adobe Adobe Commerce Adobe Commerce B2B +2
NVD VulDB
CVSS 3.1
7.2
EPSS
19.6%
CVE-2026-62643 HIGH PATCH This Week

Server-Side Request Forgery and information disclosure in Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 arises from insufficient CSS sanitization in HTML e-mail bodies, letting a crafted message with stylesheet links pointing to internal hosts coerce the server into issuing requests to local-network resources. This is a re-opened flaw stemming from incomplete fixes for CVE-2026-35540 and CVE-2026-48843, indicating the sanitizer still failed to block specific local-address URL patterns. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor rates it as a stable security update recommended for all installations.

SSRF Information Disclosure Webmail
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-11917 HIGH This Week

Arbitrary file write in Rockwell Automation FactoryTalk ThinManager allows an authenticated attacker to abuse a path traversal flaw in the software's API, saving files outside the application's intended directory into restricted system locations. Because CWE-22 file-write primitives on a Windows-based OT management server commonly enable code execution or service disruption, this carries an integrity and availability impact (CVSS 4.0 base 7.2). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Rockwell Path Traversal Factorytalk Thinmanager
NVD
CVSS 4.0
7.2
EPSS
0.3%
CVE-2026-55122 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Excel and Microsoft's confirmed patch make prompt patching important.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-46627 HIGH PATCH This Week

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenting that the sandbox does not protect against resource exhaustion.

Denial Of Service Twig
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-49165 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50354 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects a broad range of currently-supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025); Microsoft has shipped a fix. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50465 HIGH PATCH Exploit Unlikely This Week

Local integrity and availability tampering in the Microsoft Windows DNS component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker with low privileges can abuse improper access control to modify DNS data or disrupt the service. Microsoft self-reported the issue and has released a patch. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so exploitation would currently require local access on an already-compromised or shared host.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
Prev Page 10 of 12 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy