TROYANOSYVIRUS

CVE Vulnerabilities

CVE database enriched with CISA KEV and NVD

Total: 333,971 CVEs
CVE ID | CVSS | Severity | KEV | Observations
CVE-2026-21243

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

7.5 | HIGH | 0
CVE-2026-21242

Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

7.0 | HIGH | 0
CVE-2026-21241

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.0 | HIGH | 0
CVE-2026-21240

Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | 0
CVE-2026-21239

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | 0
CVE-2026-21238

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | 0
CVE-2026-21237

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

7.0 | HIGH | 0
CVE-2026-21236

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | 0
CVE-2026-21235

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

7.3 | HIGH | 0
CVE-2026-21234

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

7.0 | HIGH | 0
CVE-2026-21232

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | 0
CVE-2026-21231

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

7.8 | HIGH | 0
CVE-2026-21229

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

8.0 | HIGH | 0
CVE-2026-21228

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

8.1 | HIGH | 0
CVE-2026-21222

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

5.5 | MEDIUM | 0
CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

7.5 | HIGH | 0
CVE-2026-20846

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

7.5 | HIGH | 0
CVE-2026-20841

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

7.8 | HIGH | 0
CVE-2026-1997

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is dis...

5.3 | MEDIUM | 0
CVE-2026-1996

Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.

5.3 | MEDIUM | 0
CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of pro...

6.5 | MEDIUM | 0
CVE-2026-0652

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbi...

8.8 | HIGH | 0
CVE-2026-0651

A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decod...

7.8 | HIGH | 0
CVE-2025-6010

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

N/A | NONE | 0
CVE-2026-25530

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane da...

4.3 | MEDIUM | 0
CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard ...

5.7 | MEDIUM | 0
CVE-2025-36522

Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversa...

6.7 | MEDIUM | 0
CVE-2025-36511

Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an au...

6.7 | MEDIUM | 0
CVE-2025-35999

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ri...

6.7 | MEDIUM | 0
CVE-2025-35998

Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System sof...

7.9 | HIGH | 0
CVE-2025-35992

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combine...

4.7 | MEDIUM | 0
CVE-2025-33030

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated us...

3.3 | LOW | 0
CVE-2025-32739

Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an...

2.8 | LOW | 0
CVE-2025-32735

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combine...

5.5 | MEDIUM | 0
CVE-2025-32467

Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high ...

4.1 | MEDIUM | 0
CVE-2025-32453

Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated u...

6.7 | MEDIUM | 0
CVE-2025-32452

Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated u...

6.7 | MEDIUM | 0
CVE-2025-32092

Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary wi...

6.7 | MEDIUM | 0
CVE-2025-32008

Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated u...

8.6 | HIGH | 0
CVE-2025-32007

Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexi...

4.4 | MEDIUM | 0
CVE-2025-32003

Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adv...

6.5 | MEDIUM | 0
CVE-2025-31944

Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may...

5.3 | MEDIUM | 0
CVE-2025-31655

Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticate...

6.7 | MEDIUM | 0
CVE-2025-31648

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high co...

3.9 | LOW | 0
CVE-2025-30513

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable esc...

7.9 | HIGH | 0
CVE-2025-30508

Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated us...

6.5 | MEDIUM | 0
CVE-2025-27940

Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high ...

4.1 | MEDIUM | 0
CVE-2025-27708

Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) within Ring 0: Kernel may allow an information disclosure. System software adversary ...

4.1 | MEDIUM | 0
CVE-2025-27572

Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a hig...

4.1 | MEDIUM | 0
CVE-2025-27560

Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a ...

6.0 | MEDIUM | 0
Page 315 of 6680

This product uses data from the NVD API but is not endorsed or certified by the NVD.