TROYANOSYVIRUS

Vulnerabilites CVE

Base de donnees CVE enrichie avec CISA KEV et NVD

Total: 326,239 CVEs
CVE IDCVSSSeveriteKEVObservations
CVE-2026-21313

Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive informati...

5.5MEDIUM0
CVE-2026-21312

Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...

7.8HIGH0
CVE-2026-21261

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

5.5MEDIUM0
CVE-2026-21260

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

7.5HIGH0
CVE-2026-21259

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21258

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

5.5MEDIUM0
CVE-2026-21257

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

8.0HIGH0
CVE-2026-21256

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

8.8HIGH0
CVE-2026-21255

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.

8.8HIGH0
CVE-2026-21253

Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.

7.0HIGH0
CVE-2026-21251

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21250

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

3.3LOW0
CVE-2026-21248

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

7.3HIGH0
CVE-2026-21247

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

7.3HIGH0
CVE-2026-21246

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21245

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21244

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

7.3HIGH0
CVE-2026-21243

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

7.5HIGH0
CVE-2026-21242

Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

7.0HIGH0
CVE-2026-21241

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.0HIGH0
CVE-2026-21240

Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21239

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21238

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21237

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

7.0HIGH0
CVE-2026-21236

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21235

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

7.3HIGH0
CVE-2026-21234

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

7.0HIGH0
CVE-2026-21232

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21231

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

7.8HIGH0
CVE-2026-21229

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

8.0HIGH0
CVE-2026-21228

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

8.1HIGH0
CVE-2026-21222

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

5.5MEDIUM0
CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

7.5HIGH0
CVE-2026-20846

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

7.5HIGH0
CVE-2026-20841

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

7.8HIGH0
CVE-2026-1997

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is dis...

5.3MEDIUM0
CVE-2026-1996

Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.

5.3MEDIUM0
CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of pro...

6.5MEDIUM0
CVE-2026-0652

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbi...

8.8HIGH0
CVE-2026-0651

On TP-Link Tapo C260 v1 and D235 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacke...

7.8HIGH0
CVE-2025-6010

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

N/ANONE0
CVE-2026-25530

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane da...

4.3MEDIUM0
CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard ...

5.7MEDIUM0
CVE-2025-36522

Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversa...

6.7MEDIUM0
CVE-2025-36511

Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an au...

6.7MEDIUM0
CVE-2025-35999

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ri...

6.7MEDIUM0
CVE-2025-35998

Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System sof...

7.9HIGH0
CVE-2025-35992

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combine...

4.7MEDIUM0
CVE-2025-33030

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated us...

3.3LOW0
Page 160 de 6525

This product uses data from the NVD API but is not endorsed or certified by the NVD.