| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network. |
| Insufficient granularity of access control in Windows Filtering Platform (WFP) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40953 is a heap overflow in the
certificate parsing function of Secure Access clients prior to 14.55. Attackers
with local access and administrator permissions can create a denial of service
attack against the client over which they have control. |
| Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection that bypasses validateGitUrl() dangerous parameter checks and can execute commands through local or SSH-style transports. This issue is fixed in version 1.14.1. |
| Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally. |
| Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed. |
| Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed. |
| Use of uninitialized resource in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. |
| Buffer over-read in Windows Overlay Filter allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally. |
| Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally. |
| Access of resource using incompatible type ('type confusion') in Windows Connected User Experiences and Telemetry allows an authorized attacker to elevate privileges locally. |
| Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally. |
| Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network. |
| Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally. |
| An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default feature). The supplier also notes that there is no configuration migration scenario that would result in the self-registration being enabled without the administrators knowledge. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally. |