CVE-2026-0594 - The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via

CVE-2025-15486 - The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortco

CVE-2025-15378 - The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_li

CVE-2025-15377 - The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2025-15283 - The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_d

CVE-2025-15266 - The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress

CVE-2025-15021 - The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a

CVE-2025-15020 - The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versio

CVE-2025-14880 - The Netcash WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized modificat

CVE-2025-14854 - The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capabilit

CVE-2025-14725 - The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi

CVE-2025-14615 - The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to

CVE-2025-14613 - The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versi

CVE-2025-14502 - The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all

CVE-2025-14482 - The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerab

CVE-2025-14464 - The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve

CVE-2025-14389 - The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, an

CVE-2025-14379 - The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin

CVE-2025-14301 - The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in al

CVE-2025-13627 - The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_c

CVE-2025-12178 - The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-22718 - The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execut

CVE-2025-68970 - Permission verification bypass vulnerability in the media library module. Impact: Successful exploit

CVE-2025-68969 - Multi-thread race condition vulnerability in the thermal management module. Impact: Successful explo

CVE-2025-68968 - Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vu

CVE-2025-68967 - Vulnerability of improper permission control in the print module. Impact: Successful exploitation of

CVE-2025-68966 - Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vuln

CVE-2025-68965 - Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vuln

CVE-2025-68964 - Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulner

CVE-2025-68963 - Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this

CVE-2025-68962 - Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploit

CVE-2025-68961 - Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploit

CVE-2025-68960 - Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploita

CVE-2025-68959 - Permission verification bypass vulnerability in the media library module. Impact: Successful exploit

CVE-2025-68958 - Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitat

CVE-2025-68957 - Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitat

CVE-2025-68956 - Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitat

CVE-2025-68955 - Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploita

CVE-2025-12053 - The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to whic

CVE-2025-12052 - The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to whic

CVE-2025-12051 - The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to whic

CVE-2025-12050 - The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to whic

CVE-2026-22686 - Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, th

CVE-2026-0716 - A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-d

CVE-2023-54341 - Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthen

CVE-2023-54340 - WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to

CVE-2023-54339 - Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers

CVE-2023-54338 - Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to poten

CVE-2023-54337 - Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password fi

CVE-2023-54336 - Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that a

CVE-2023-54335 - eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login with

CVE-2023-54334 - Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH

CVE-2023-54333 - Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id paramet

CVE-2023-54332 - Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows at

CVE-2023-54331 - Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potenti

CVE-2023-54330 - Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability t

CVE-2023-54329 - Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthen

CVE-2023-54328 - AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration f

CVE-2023-53985 - Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability

CVE-2023-53984 - Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc serv

CVE-2022-50939 - e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated admin

CVE-2022-50938 - CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer

CVE-2022-50937 - Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's i

CVE-2022-50936 - WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows att

CVE-2022-50935 - Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service confi

CVE-2022-50934 - Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was n

CVE-2022-50933 - Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to po

CVE-2022-50932 - Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows un

CVE-2022-50931 - TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to r

CVE-2022-50930 - Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer

CVE-2022-50929 - Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService exe

CVE-2022-50928 - BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configur

CVE-2022-50927 - Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to over

CVE-2022-50926 - WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows a

CVE-2022-50925 - Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attack

CVE-2022-50924 - Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users

CVE-2022-50923 - Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute

CVE-2022-50922 - Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to exec

CVE-2022-50921 - WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potenti

CVE-2022-50920 - Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service

CVE-2022-50919 - Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal t

CVE-2022-50918 - VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users

CVE-2022-50917 - ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configurat

CVE-2022-50916 - e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators

CVE-2022-50915 - PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allo

CVE-2022-50914 - EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE S

CVE-2022-50913 - ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attack

CVE-2022-50912 - ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows a

CVE-2022-50911 - Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was n

CVE-2022-50910 - Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functional

CVE-2022-50909 - Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua

CVE-2022-50908 - Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject m

CVE-2022-50907 - e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative

CVE-2022-50906 - e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated adminis

CVE-2022-50905 - e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attac

CVE-2022-50904 - Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to

CVE-2022-50903 - Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationServic

CVE-2022-50902 - Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allow

CVE-2022-50901 - Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that

CVE-2022-50900 - Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users

CVE-2022-50899 - Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that al

CVE-2022-50898 - NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution th

CVE-2022-50897 - mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary syste

CVE-2022-50896 - Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parame

CVE-2022-50895 - Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers

CVE-2022-50894 - VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attac

CVE-2022-50893 - VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the

CVE-2022-50892 - VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass

CVE-2022-50891 - Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to

CVE-2022-50890 - Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server tha

CVE-2022-50808 - CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that

CVE-2022-50807 - Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was n

CVE-2022-50806 - 4images 1.9 contains a remote command execution vulnerability that allows authenticated administrato

CVE-2022-50805 - Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parame

CVE-2022-50693 - Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Upd

CVE-2021-47751 - CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerab

CVE-2021-47750 - YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject mali

CVE-2021-47749 - YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attacker

CVE-2020-36919 - WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and

CVE-2020-36911 - Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft m

CVE-2026-23478 - Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in

CVE-2025-68947 - NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate pro

CVE-2025-68658 - Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP us

CVE-2026-22871 - GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversa

CVE-2026-22870 - GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract(

CVE-2026-22869 - Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/wor

CVE-2026-22868 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable

CVE-2026-22862 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable

CVE-2026-22861 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-21303 - Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerabilit

CVE-2026-21302 - Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerabilit

CVE-2026-21301 - Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnera

CVE-2026-21300 - Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnera

CVE-2026-21299 - Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerabili

CVE-2026-21298 - Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerabili

CVE-2026-0543 - Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Exc

CVE-2026-0531 - Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive

CVE-2026-0530 - Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive

CVE-2026-0528 - Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a D

CVE-2025-37186 - A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual I

CVE-2025-15056 - A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scr

CVE-2026-22818 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.

CVE-2026-22817 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.

CVE-2026-22814 - @adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6,

CVE-2026-22809 - tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression

CVE-2026-21308 - Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerabili

CVE-2026-21307 - Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerabil

CVE-2026-21306 - Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerabilit

CVE-2026-21305 - Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerabili

CVE-2026-21287 - Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that

CVE-2025-68931 - Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2,

CVE-2025-68925 - Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2,

CVE-2025-68704 - Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2,

CVE-2025-68703 - Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2,

CVE-2025-68702 - Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2,

CVE-2025-68701 - Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2,

CVE-2025-68698 - Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2,

CVE-2025-37179 - Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for ha

CVE-2025-37178 - Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for ha

CVE-2025-37177 - An arbitrary file deletion vulnerability has been identified in the command-line interface of mobili

CVE-2025-37176 - A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a packag

CVE-2025-37175 - Arbitrary file upload vulnerability exists in the web-based management interface of mobility conduct

CVE-2025-37174 - Authenticated arbitrary file write vulnerability exists in the web-based management interface of mob

CVE-2025-37173 - An improper input handling vulnerability exists in the web-based management interface of mobility co

CVE-2025-37172 - Authenticated command injection vulnerabilities exist in the web-based management interface of mobil

CVE-2025-37171 - Authenticated command injection vulnerabilities exist in the web-based management interface of mobil

CVE-2025-37170 - Authenticated command injection vulnerabilities exist in the web-based management interface of mobil

CVE-2025-37169 - A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gat

CVE-2025-37168 - Arbitrary file deletion vulnerability have been identified in a system function of mobility conducto

CVE-2026-22791 - openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap

CVE-2026-21304 - InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vuln

CVE-2026-21288 - Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerabili

CVE-2026-21283 - Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2026-21281 - InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2026-21280 - Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability

CVE-2026-21278 - InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerabili

CVE-2026-21277 - InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vuln

CVE-2026-21276 - InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointe

CVE-2026-21275 - InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointe

CVE-2026-21274 - Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerabili

CVE-2026-21272 - Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerabi

CVE-2026-21271 - Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerabi

CVE-2026-21268 - Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerabi

CVE-2026-21267 - Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special

CVE-2026-21226 - Deserialization of untrusted data in Azure Core shared client library for Python allows an authorize

CVE-2025-68949 - n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s

CVE-2025-68271 - OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or mor

CVE-2026-21265 - Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificate

CVE-2026-21224 - Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevat

CVE-2026-21221 - Concurrent execution using shared resource with improper synchronization ('race condition') in Capab

CVE-2026-21219 - Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

CVE-2026-20965 - Improper verification of cryptographic signature in Windows Admin Center allows an authorized attack

CVE-2026-20963 - Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to

CVE-2026-20962 - Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized a

CVE-2026-20959 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of

CVE-2026-20958 - Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to d

CVE-2026-20957 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to

CVE-2026-20956 - Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c

CVE-2026-20955 - Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c

CVE-2026-20953 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20952 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20951 - Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute

CVE-2026-20950 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20949 - Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a securi

CVE-2026-20948 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co

CVE-2026-20947 - Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Of

CVE-2026-20946 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally

CVE-2026-20944 - Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20943 - Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20941 - Improper link resolution before file access ('link following') in Host Process for Windows Tasks all

CVE-2026-20940 - Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker t

CVE-2026-20939 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an author

CVE-2026-20938 - Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an autho

CVE-2026-20937 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an author

CVE-2026-20936 - Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a phys

CVE-2026-20935 - Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unaut

CVE-2026-20934 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20932 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an author

CVE-2026-20931 - External control of file name or path in Windows Telephony Service allows an authorized attacker to

CVE-2026-20929 - Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over

CVE-2026-20927 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20926 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20925 - External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo

CVE-2026-20924 - Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo

CVE-2026-20923 - Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo

CVE-2026-20922 - Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-20921 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20920 - Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally

CVE-2026-20919 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20918 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20877 - Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo

CVE-2026-20876 - Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authoriz

CVE-2026-20875 - Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an una

CVE-2026-20874 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20873 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20872 - External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo

CVE-2026-20871 - Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locall

CVE-2026-20870 - Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally

CVE-2026-20869 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20868 - Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize

CVE-2026-20867 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20866 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20865 - Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo

CVE-2026-20864 - Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attac

CVE-2026-20863 - Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20862 - Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an

CVE-2026-20861 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo

CVE-2026-20860 - Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f

CVE-2026-20859 - Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges lo

CVE-2026-20858 - Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo