CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-21257 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. | 8.0 | HIGH | β | 0 |
| CVE-2026-21256 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-21255 Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. | 8.8 | HIGH | β | 0 |
| CVE-2026-21253 Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-21251 Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21250 Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21249 External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | 3.3 | LOW | β | 0 |
| CVE-2026-21248 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | 7.3 | HIGH | β | 0 |
| CVE-2026-21247 Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | 7.3 | HIGH | β | 0 |
| CVE-2026-21246 Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21245 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21244 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | 7.3 | HIGH | β | 0 |
| CVE-2026-21243 Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-21242 Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-21241 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-21240 Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21239 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21238 Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21237 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-21236 Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21235 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 7.3 | HIGH | β | 0 |
| CVE-2026-21234 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-21232 Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21231 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21229 Improper input validation in Power BI allows an authorized attacker to execute code over a network. | 8.0 | HIGH | β | 0 |
| CVE-2026-21228 Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network. | 8.1 | HIGH | β | 0 |
| CVE-2026-21222 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21218 Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-20846 Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-20841 Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-1997 Certain HP OfficeJet Pro printers may expose information if CrossβOrigin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is dis... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1996 Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0653 On TP-Link Tapo C260 v1 and D235 v1, aΒ guestβlevel authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of pro... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-0652 On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbi... | 8.8 | HIGH | β | 0 |
| CVE-2026-0651 A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP serverβs handling of GET requests. The server performs path normalization before fully decod... | 7.8 | HIGH | β | 0 |
| CVE-2025-6010 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-25530 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane da... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24885 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard ... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-36522 Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversa... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-36511 Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an au... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-35999 Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ri... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-35998 Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System sof... | 7.9 | HIGH | β | 0 |
| CVE-2025-35992 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combine... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-33030 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated us... | 3.3 | LOW | β | 0 |
| CVE-2025-32739 Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an... | 2.8 | LOW | β | 0 |
| CVE-2025-32735 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combine... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-32467 Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high ... | 4.1 | MEDIUM | β | 0 |
| CVE-2025-32453 Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated u... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-32452 Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated u... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-32092 Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary wi... | 6.7 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.