Common Vulnerabilities and Exposures (CVE)

CVE-2026-4017

Jul 14, 2026 17:25:13 UTC

Buffer Overflow in the entry handler of the TraceEvent() system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

CVE-2026-50296

Jul 14, 2026 17:25:09 UTC

Use after free in Graphics Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-62642

Jul 14, 2026 17:18:18 UTC

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.

CVE-2026-62643

Jul 14, 2026 17:17:16 UTC

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. NO...

CVE-2026-50356

Jul 14, 2026 17:16:26 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.

CVE-2026-62644

Jul 14, 2026 17:15:20 UTC

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

CVE-2026-0515

Jul 14, 2026 17:13:07 UTC

Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.

CVE-2026-55009

Jul 14, 2026 17:12:42 UTC

Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

CVE-2026-55008

Jul 14, 2026 17:12:42 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-55006

Jul 14, 2026 17:12:41 UTC

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

CVE-2026-55005

Jul 14, 2026 17:12:40 UTC

Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.

CVE-2026-58529

Jul 14, 2026 17:12:40 UTC

Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.

CVE-2026-55121

Jul 14, 2026 17:12:39 UTC

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-56181

Jul 14, 2026 17:12:39 UTC

Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.

CVE-2026-58638

Jul 14, 2026 17:12:38 UTC

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.