CVE-2026-44862 - SQL injection vulnerabilities exist in several underlying service components accessible through the

CVE-2026-44861 - SQL injection vulnerabilities exist in several underlying service components accessible through the

CVE-2026-44860 - SQL injection vulnerabilities exist in several underlying service components accessible through the

CVE-2026-44859 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component

CVE-2026-44858 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component

CVE-2026-44857 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component

CVE-2026-44856 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component

CVE-2026-44855 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component

CVE-2026-44854 - Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op

CVE-2026-44853 - Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op

CVE-2026-44852 - An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based manage

CVE-2026-44225 - Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pu

CVE-2026-44223 - vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, th

CVE-2026-44222 - vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.

CVE-2026-44221 - ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a speci

CVE-2026-44220 - ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discover_pipelin

CVE-2026-44219 - ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients

CVE-2026-44218 - ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io

CVE-2026-44217 - sse-channel is an SSE-implementation which can be used to any node.js http request/response stream.

CVE-2026-44215 - NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of

CVE-2026-42889 - Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an

CVE-2026-42446 - NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-b

CVE-2026-42445 - NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recurs

CVE-2026-42444 - NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vu

CVE-2026-42443 - NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-z

CVE-2026-42442 - NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer derefer

CVE-2026-42355 - NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recurs

CVE-2026-42338 - ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to

CVE-2026-42191 - OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implement

CVE-2026-34690 - After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulner

CVE-2026-34688 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validat

CVE-2026-34686 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34685 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34680 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wr

CVE-2026-34679 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validat

CVE-2026-34678 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource

CVE-2026-34677 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource

CVE-2026-34673 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource

CVE-2026-34672 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wra

CVE-2026-34671 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wr

CVE-2026-34670 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validat

CVE-2026-34669 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validat

CVE-2026-34668 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validat

CVE-2026-34667 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wra

CVE-2026-34666 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validat

CVE-2026-34665 - CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource

CVE-2026-34658 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34656 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34655 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34654 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34653 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34652 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34651 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34650 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34649 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34648 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34647 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34646 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-34645 - Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier

CVE-2026-23827 - A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-1

CVE-2026-23826 - A vulnerability in a network management service of AOS-8 Operating System could allow an unauthentic

CVE-2026-23825 - Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An una

CVE-2026-23824 - Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An una

CVE-2026-8431 - An administrative user with access to configure webhooks can execute arbitrary commands by configuri

CVE-2026-8430 - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that

CVE-2026-8429 - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space tha

CVE-2026-34684 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerabil

CVE-2026-34683 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerabil

CVE-2026-34682 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerabil

CVE-2026-34681 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerabil

CVE-2026-34664 - Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathn

CVE-2026-34660 - Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization

CVE-2026-34659 - Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrus

CVE-2026-23823 - A vulnerability in the command line interface of Access Points running AOS-10 could allow an authent

CVE-2026-23822 - A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated

CVE-2026-23821 - A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an

CVE-2026-23820 - A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant coul

CVE-2026-23819 - A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Inst

CVE-2026-5146 - Improper access control in the notification management endpoints in Devolutions Server allows an una

CVE-2026-44343 - WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities aff

CVE-2026-44279 - A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2

CVE-2026-44278 - A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4

CVE-2026-44277 - A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0

CVE-2026-44204 - Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulner

CVE-2026-44196 - Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a cri

CVE-2026-44184 - Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and

CVE-2026-44183 - Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and

CVE-2026-44167 - phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loadin

CVE-2026-44166 - Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situati

CVE-2026-43929 - ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlie

CVE-2026-43892 - AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitiz

CVE-2026-43891 - changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulner

CVE-2026-42899 - Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attack

CVE-2026-42898 - Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al

CVE-2026-42896 - Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate

CVE-2026-42893 - Improper neutralization of special elements used in a command ('command injection') in M365 Copilot

CVE-2026-42891 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-42838 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-42833 - Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized a

CVE-2026-42832 - Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing loca

CVE-2026-42831 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-42830 - Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges loc

CVE-2026-42825 - Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges loca

CVE-2026-42823 - Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over

CVE-2026-42541 - Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy

CVE-2026-42348 - OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when

CVE-2026-42303 - Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployment

CVE-2026-42300 - DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the S

CVE-2026-42177 - linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform

CVE-2026-42175 - requests-hardened is a library that overrides the default behaviors of the requests library, and add

CVE-2026-42141 - Xibo is an open source digital signage platform with a web content management system and Windows dis

CVE-2026-42048 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langf

CVE-2026-42045 - LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow

CVE-2026-41895 - changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpat

CVE-2026-41614 - Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoof

CVE-2026-41613 - Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a

CVE-2026-41612 - Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose informatio

CVE-2026-41611 - Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code

CVE-2026-41610 - Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studi

CVE-2026-41513 - Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next p

CVE-2026-41109 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-41107 - External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized atta

CVE-2026-41103 - Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluen

CVE-2026-41102 - Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoo

CVE-2026-41101 - Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing l

CVE-2026-41100 - Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

CVE-2026-41097 - Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker

CVE-2026-41096 - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code

CVE-2026-41095 - Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

CVE-2026-41094 - Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an una

CVE-2026-41089 - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over

CVE-2026-41088 - External control of file name or path in Windows Ancillary Function Driver for WinSock allows an aut

CVE-2026-41086 - Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges

CVE-2026-40421 - External control of file name or path in Microsoft Office Word allows an unauthorized attacker to di

CVE-2026-40420 - Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate pr

CVE-2026-40419 - Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40418 - Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges

CVE-2026-40417 - Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges

CVE-2026-40416 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all

CVE-2026-40415 - Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-40414 - Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an a

CVE-2026-40413 - Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an a

CVE-2026-40410 - Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

CVE-2026-40408 - Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges lo

CVE-2026-40407 - Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to

CVE-2026-40406 - Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a netw

CVE-2026-40405 - Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a ne

CVE-2026-40403 - Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code lo

CVE-2026-40402 - Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40401 - Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

CVE-2026-40399 - Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges lo

CVE-2026-40398 - Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privil

CVE-2026-40397 - Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized

CVE-2026-40382 - Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges loca

CVE-2026-40381 - Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate pr

CVE-2026-40380 - Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execu

CVE-2026-40379 - Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized

CVE-2026-40377 - Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevat

CVE-2026-40374 - Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized at

CVE-2026-40370 - External control of file name or path in SQL Server allows an authorized attacker to execute code ov

CVE-2026-40369 - Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges

CVE-2026-40368 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-40367 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-40366 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40365 - Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attac

CVE-2026-40364 - Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una

CVE-2026-40363 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local

CVE-2026-40362 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code

CVE-2026-40361 - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40360 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information

CVE-2026-40359 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40358 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40357 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35440 - Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized

CVE-2026-35439 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-35438 - Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges ov

CVE-2026-35436 - Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized att

CVE-2026-35433 - Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-35429 - User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows a

CVE-2026-35424 - Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol a

CVE-2026-35423 - Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a n

CVE-2026-35422 - Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized atta

CVE-2026-35421 - Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-35420 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc

CVE-2026-35419 - Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information

CVE-2026-35418 - Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr

CVE-2026-35417 - Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an au

CVE-2026-35416 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele

CVE-2026-35415 - Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to

CVE-2026-34687 - Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerabi

CVE-2026-34676 - Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerabili

CVE-2026-34675 - Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerabili

CVE-2026-34663 - Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability th

CVE-2026-34662 - Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerabili

CVE-2026-34661 - Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability t

CVE-2026-34644 - After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vu

CVE-2026-34643 - After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability

CVE-2026-34642 - After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnera

CVE-2026-34640 - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound

CVE-2026-34639 - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerabili

CVE-2026-34638 - Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that

CVE-2026-34637 - Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerabilit

CVE-2026-34636 - Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerabilit

CVE-2026-34351 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-34350 - Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny

CVE-2026-34347 - Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34345 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-34344 - Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f

CVE-2026-34343 - Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized at

CVE-2026-34342 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-34341 - Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate

CVE-2026-34340 - Use after free in Windows Projected File System allows an authorized attacker to elevate privileges

CVE-2026-34339 - Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorize

CVE-2026-34338 - Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges loca

CVE-2026-34337 - Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr

CVE-2026-34336 - Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information l

CVE-2026-34334 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-34333 - Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34332 - Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a n

CVE-2026-34331 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-34330 - Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate pri

CVE-2026-34329 - Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute cod

CVE-2026-33841 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc

CVE-2026-33840 - Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally

CVE-2026-33839 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-33838 - Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

CVE-2026-33837 - Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges loc

CVE-2026-33835 - Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr

CVE-2026-33834 - Improper access control in Windows Event Logging Service allows an authorized attacker to elevate pr

CVE-2026-33833 - Improper neutralization of special elements in output used by a downstream component ('injection') i

CVE-2026-33821 - Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attac

CVE-2026-33117 - Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature ov

CVE-2026-33112 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-33110 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex

CVE-2026-32209 - Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass

CVE-2026-32204 - External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevat

CVE-2026-32185 - Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attack

CVE-2026-32177 - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32175 - A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attac

CVE-2026-32170 - Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges lo

CVE-2026-32161 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-31245 - The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API en

CVE-2026-31244 - The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API en

CVE-2026-31243 - The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table

CVE-2026-31242 - The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset function

CVE-2026-31241 - The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API en

CVE-2026-31240 - The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API

CVE-2026-31239 - The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) wh

CVE-2026-31238 - The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model se

CVE-2026-31237 - The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its pre