Common Vulnerabilities and Exposures (CVE)

CVE-2026-1344

Feb 17, 2026 23:43:30 UTC

Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.

CVE-2026-2441

Feb 17, 2026 23:20:24 UTC

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2008-0015

Feb 17, 2026 23:20:24 UTC

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv...

CVE-2024-7694

Feb 17, 2026 23:20:24 UTC

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary sys...

CVE-2020-7796

Feb 17, 2026 23:20:23 UTC

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

CVE-2026-23599

Feb 17, 2026 23:04:36 UTC

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution ...

CVE-2026-22048

Feb 17, 2026 23:01:30 UTC

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) ...

CVE-2026-26119

Feb 17, 2026 22:56:03 UTC

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-20841

Feb 17, 2026 22:56:03 UTC

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

CVE-2026-20846

Feb 17, 2026 22:56:02 UTC

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

CVE-2026-21222

Feb 17, 2026 22:56:01 UTC

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-21228

Feb 17, 2026 22:56:00 UTC

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

CVE-2026-1670

Feb 17, 2026 22:56:00 UTC

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

CVE-2026-21231

Feb 17, 2026 22:56:00 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-21232

Feb 17, 2026 22:55:59 UTC

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.