🔥 Trending CVEs - Last 90 Days

This vulnerability is a use-after-free memory corruption flaw in Microsoft Office Excel that allows an attacker to execute arbitrary code on a victim'...

This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers through improper input validation. Organizations us...

A heap-based buffer overflow vulnerability in the Windows Cloud Files Mini Filter Driver allows authenticated attackers to execute arbitrary code with...

This vulnerability allows an authenticated attacker to exploit improper link resolution in the Windows Task Host process to elevate privileges locally...

CVE-2026-20938 is an untrusted pointer dereference vulnerability in Windows Virtualization-Based Security (VBS) Enclave that allows an authenticated a...

This vulnerability is a use-after-free flaw in Windows Management Services that allows an authenticated attacker to execute arbitrary code with elevat...

This is a use-after-free vulnerability in the Windows Win32K ICOMP component that allows an authenticated attacker to execute arbitrary code with elev...

A heap-based buffer overflow vulnerability in Windows NTFS allows authenticated attackers to execute arbitrary code locally on affected systems. This ...

This CVE describes a use-after-free vulnerability in Windows Management Services that allows an authenticated attacker to execute arbitrary code with ...

A race condition vulnerability in Windows Management Services allows authenticated attackers to execute code concurrently with improper synchronizatio...

This CVE describes a race condition vulnerability in Windows Management Services that allows an authenticated attacker to escalate privileges on a loc...

This CVE describes a use-after-free vulnerability in Windows Management Services that allows an authenticated attacker to execute arbitrary code with ...

A race condition vulnerability in Windows Management Services allows authenticated attackers to escalate privileges on local systems. This affects Win...

This CVE describes a race condition vulnerability in Windows Management Services that allows an authenticated attacker to escalate privileges on a loc...

This CVE describes a use-after-free vulnerability in the Windows Win32K ICOMP component that allows an authenticated attacker to escalate privileges l...

This CVE describes a use-after-free vulnerability in Desktop Windows Manager that allows an authenticated attacker to execute arbitrary code with elev...

This CVE describes a race condition vulnerability in Windows Management Services that allows an authenticated attacker to escalate privileges on a loc...

This vulnerability is a heap-based buffer overflow in the Connected Devices Platform Service (Cdpsvc) on Windows systems. It allows an authenticated a...

This vulnerability involves a use-after-free memory corruption flaw in Windows Management Services that allows an authenticated attacker to execute ar...

A race condition vulnerability in Windows Management Services allows authenticated attackers to execute code concurrently with improper synchronizatio...

This vulnerability allows an authorized attacker to exploit an untrusted pointer dereference in the Windows Cloud Files Mini Filter Driver to elevate ...

This vulnerability is a use-after-free flaw in Windows Management Services that allows an authenticated attacker to execute arbitrary code with elevat...

This CVE describes a use-after-free vulnerability in Windows Kernel-Mode Drivers that allows an authenticated attacker to execute arbitrary code with ...

This vulnerability is a type confusion flaw in Windows Ancillary Function Driver for WinSock that allows an authenticated attacker to escalate privile...

A heap-based buffer overflow vulnerability in Windows NTFS allows authenticated attackers to execute arbitrary code locally on affected systems. This ...

This vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to escalate privileges on the local system. Atta...

This vulnerability allows an authenticated attacker to execute code with elevated privileges on Windows systems by exploiting a flaw in the Remote Pro...

A heap-based buffer overflow vulnerability in Windows Media allows local attackers to execute arbitrary code on affected systems. This affects Windows...

This CVE describes a race condition vulnerability in the Tablet Windows User Interface (TWINUI) subsystem that allows an authenticated attacker to esc...

A time-of-check time-of-use race condition in Windows Ancillary Function Driver for WinSock allows authenticated attackers to escalate privileges loca...

This vulnerability is a heap-based buffer overflow in the Windows Common Log File System Driver that allows an authenticated attacker to execute arbit...

This vulnerability involves a use-after-free flaw in Microsoft's Graphics Component that allows an authenticated attacker to execute arbitrary code wi...

A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Windows Installer allows authenticated attackers to elevate privileges locally. T...

This vulnerability allows an authenticated attacker with limited privileges to elevate their access rights on Windows systems through improper handlin...

A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in the Windows Kernel Memory allows authenticated attackers to escalate privileges l...

This vulnerability in Windows Ancillary Function Driver for WinSock allows an authorized attacker to perform a use-after-free attack on non-heap memor...

This vulnerability is a type confusion flaw in Windows Win32K - ICOMP that allows an authenticated attacker to escalate privileges locally. It affects...

This CVE describes a use-after-free vulnerability in Imagination Technologies GPU drivers where improper reference counting allows non-privileged user...

An authentication bypass vulnerability in NETGEAR Orbi routers allows local network users to access the administrative web interface without credentia...

A Linux kernel vulnerability in IOMMU Shared Virtual Addressing (SVA) on x86 systems allows stale kernel page table entries to persist in IOMMU caches...

This CVE describes a use-after-free vulnerability in the Linux kernel's ksmbd SMB server module. Under high concurrency conditions, a tree-connection ...

This CVE describes a deserialization vulnerability in TYPO3 CMS mail file spool functionality. Local users with write access to the spool directory ca...

This vulnerability allows attackers to execute arbitrary commands on systems running vulnerable versions of Kiro IDE by tricking users into opening ma...

An improper input validation vulnerability in Galaxy Store allows local attackers to execute arbitrary scripts on affected devices. This affects Samsu...

This vulnerability allows local attackers on Samsung devices to execute privileged APIs due to improper access control in SLocation. It affects Samsun...

A use-after-free vulnerability in Samsung's PROCA driver allows local attackers to potentially execute arbitrary code with kernel privileges. This aff...

This vulnerability allows authenticated Backup or Tape Operators to execute arbitrary code with root privileges by creating a malicious backup configu...

This vulnerability allows attackers to execute arbitrary code by exploiting DLL hijacking in PIONEER CORPORATION installers. When users run affected i...

Bio-Formats up to version 8.3.0 has unsafe Java deserialization in the Memoizer class, allowing attackers to execute arbitrary code by providing malic...

CVE-2026-21678 is a heap-buffer-overflow vulnerability in the IccTagXml() function of iccDEV, a library for ICC color management profiles. It allows a...