CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-22614 The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially re... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-22627 A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent... | 8.8 | HIGH | β | 0 |
| CVE-2026-22628 An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-22629 An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer ... | 3.7 | LOW | β | 0 |
| CVE-2026-30405 An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute | 7.5 | HIGH | β | 0 |
| CVE-2026-5573 A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5574 A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/pat... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23654 Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-23656 Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-23660 Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23661 Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-23662 Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-23664 Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-22316 A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-5575 A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulat... | 7.3 | HIGH | β | 0 |
| CVE-2026-23667 Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23668 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-5576 A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipu... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23671 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2026-23673 Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23674 Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-24285 Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23907 This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24017 An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0... | 8.1 | HIGH | β | 0 |
| CVE-2026-24018 A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their... | 7.8 | HIGH | β | 0 |
| CVE-2026-24282 Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-24283 Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. | 8.8 | HIGH | β | 0 |
| CVE-2026-24287 External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-24288 Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack. | 6.8 | MEDIUM | β | 0 |
| CVE-2026-24289 Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-24290 Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-24291 Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-25169 Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-1323 The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploi... | N/A | NONE | β | 0 |
| CVE-2026-24292 Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-24293 Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-24295 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-24296 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-24297 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-25178 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-24640 A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiW... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-24641 A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb ... | 2.7 | LOW | β | 0 |
| CVE-2026-25165 Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-25166 Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-25167 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | β | 0 |
| CVE-2026-25168 Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-25170 Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-25171 Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.