Common Vulnerabilities and Exposures (CVE)

CVE-2026-42936

Jul 15, 2026 05:12:08 UTC

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

CVE-2026-12505

Jul 15, 2026 04:44:43 UTC

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by...

CVE-2026-32144

Jul 15, 2026 04:14:22 UTC

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_vali...

CVE-2026-42789

Jul 15, 2026 04:14:19 UTC

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/sr...

CVE-2026-28808

Jul 15, 2026 04:14:15 UTC

Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside Document...

CVE-2026-49759

Jul 15, 2026 04:14:13 UTC

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/comm...

CVE-2026-32146

Jul 15, 2026 04:14:12 UTC

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into file...

CVE-2026-55954

Jul 15, 2026 04:14:10 UTC

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauth_apple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback id_token...

CVE-2026-42790

Jul 15, 2026 04:14:08 UTC

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subo...

CVE-2026-57107

Jul 15, 2026 04:01:11 UTC

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVE-2026-49178

Jul 15, 2026 04:01:10 UTC

Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

CVE-2026-49164

Jul 15, 2026 04:01:09 UTC

Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network.

CVE-2026-55884

Jul 15, 2026 04:01:09 UTC

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loo...

CVE-2026-48358

Jul 15, 2026 04:01:08 UTC

Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is ...

CVE-2026-15777

Jul 15, 2026 04:01:07 UTC

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security sever...