VIR Vulnerability Intelligence Relay

Search

Found 1,508 results in 195ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-41095 high 7.8 7.8 FIX windows windows 22d ago Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
CVE-2026-41094 high 8.8 8.8 windows windows microsoft 22d ago Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
CVE-2026-41088 high 7.8 7.8 FIX windows windows 22d ago Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-41086 high 8.8 8.8 windows windows microsoft 22d ago Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-40420 high 8.8 8.8 windows windows microsoft 22d ago Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40419 high 7.8 7.8 windows windows microsoft 22d ago Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40418 high 7.8 7.8 windows windows microsoft 22d ago Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40417 high 7.8 7.8 windows windows microsoft 22d ago Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
CVE-2026-40415 high 8.1 8.1 FIX windows windows 22d ago Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-40414 high 7.4 7.4 FIX windows windows 22d ago Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40413 high 7.4 7.4 FIX windows windows 22d ago Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40410 high 7.0 7.0 FIX windows windows 22d ago Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
CVE-2026-40408 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-40407 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40406 high 7.5 7.5 FIX windows windows 22d ago Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
CVE-2026-40405 high 7.5 7.5 FIX windows windows 22d ago Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40403 high 8.8 8.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40401 high 7.1 7.1 FIX windows windows 22d ago Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40399 high 7.8 7.8 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40398 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40397 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40382 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40381 high 7.8 7.8 windows windows microsoft 22d ago Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40377 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40370 high 8.8 8.8 windows windows 22d ago External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40369 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40368 high 8.0 8.0 windows windows microsoft 22d ago Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40367 high 8.4 8.4 windows windows microsoft 22d ago Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366 high 8.4 8.4 windows windows microsoft 22d ago Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40365 high 8.8 8.8 windows windows microsoft 22d ago Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40364 high 8.4 8.4 windows windows microsoft 22d ago Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363 high 8.4 8.4 windows windows microsoft 22d ago Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362 high 7.8 7.8 windows windows microsoft 22d ago Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361 high 8.4 8.4 windows windows microsoft 22d ago Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40360 high 7.8 7.8 windows windows microsoft 22d ago Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359 high 7.8 7.8 windows windows microsoft 22d ago Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358 high 8.4 8.4 windows windows microsoft 22d ago Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40357 high 8.8 8.8 windows windows microsoft 22d ago Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35439 high 8.8 8.8 windows windows microsoft 22d ago Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35438 high 8.3 8.3 windows windows microsoft 22d ago Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35436 high 8.8 8.8 windows windows microsoft 22d ago Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-35433 high 7.3 7.3 windows windows 22d ago Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35424 high 7.5 7.5 FIX windows windows 22d ago Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35421 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35420 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35418 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35417 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-35416 high 7.0 7.0 FIX windows windows 22d ago Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35415 high 7.8 7.8 FIX windows windows 22d ago Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-34351 high 7.8 7.8 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34347 high 7.0 7.0 FIX windows windows 22d ago Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34345 high 7.0 7.0 FIX windows windows 22d ago Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34344 high 7.8 7.8 FIX windows windows 22d ago Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34343 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34342 high 7.0 7.0 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-34341 high 7.0 7.0 FIX windows windows 22d ago Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
CVE-2026-34340 high 7.0 7.0 FIX windows windows 22d ago Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-34338 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-34337 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-34336 high 7.8 7.8 FIX windows windows 22d ago Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-34334 high 7.8 7.8 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34333 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34332 high 8.0 8.0 FIX windows windows 22d ago Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
CVE-2026-34331 high 7.0 7.0 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34330 high 7.8 7.8 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34329 high 8.8 8.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-33841 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-33840 high 7.8 7.8 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33839 high 7.0 7.0 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33838 high 7.8 7.8 FIX windows windows 22d ago Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2026-33837 high 7.8 7.8 FIX windows windows 22d ago Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-33835 high 7.8 7.8 FIX windows windows 22d ago Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-33834 high 7.8 7.8 FIX windows windows 22d ago Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
CVE-2026-33833 high 8.2 8.2 windows windows microsoft 22d ago Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33821 high 7.7 7.7 windows windows microsoft 22d ago Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
CVE-2026-33112 high 8.8 8.8 windows windows microsoft 22d ago Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33110 high 8.8 8.8 windows windows microsoft 22d ago Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-32204 high 7.8 7.8 windows windows microsoft 22d ago External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32177 high 7.3 7.3 windows windows 22d ago Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32161 high 7.5 7.5 FIX windows windows 22d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent net…
CVE-2026-43284 high 8.8 9.8 EXPFIX rhel slesdebian debian awsgoogle 23d ago In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks…
CVE-2026-7790 high 7.5 7.5 debian debianwindows windows ninenines 23d ago cowlib cow_http_te module: Uncontrolled Resource Consumption vulnerability allows Excessive Allocation
CVE-2026-5172 high 7.3 7.3 FIX debian debian sleswindows windows 23d ago A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc…
CVE-2026-43500 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 24d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and th…
CVE-2026-8177 high 7.5 7.5 FIX debian debian sleswindows windows 24d ago XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UT…
CVE-2026-45186 high 7.5 7.5 FIX debian debian sleswindows windows libexpat_project 25d ago RHSA-2026:22721: expat security update (Important)
CVE-2026-7568 high 7.5 7.5 FIX slesdebian debianwindows windows php 25d ago Important: php:8.2 security update
CVE-2026-7262 high 7.5 7.5 FIX slesdebian debianwindows windows php 25d ago Important: php:8.2 security update
CVE-2026-7258 high 7.5 7.5 FIX slesdebian debianwindows windows php 25d ago Important: php:8.2 security update
CVE-2026-6666 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 26d ago A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
CVE-2026-6664 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 26d ago An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
CVE-2026-43464 high 7.5 7.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when …
CVE-2026-43456 high 7.8 7.8 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KA…
CVE-2026-43353 high 7.8 7.8 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple tra…
CVE-2026-43352 high 7.8 7.8 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: …
CVE-2026-43321 high 7.8 7.8 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a `gotox rX` instruction the rX register should be marked as used in the…
CVE-2026-43303 high 7.8 7.8 FIX sles rheldebian debian 27d ago In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don'…
CVE-2026-41105 high 8.1 8.1 windows windows microsoft 27d ago Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-35435 high 8.6 8.6 windows windows microsoft 27d ago Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-34327 high 8.2 8.2 windows windows microsoft 27d ago Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.