Common Vulnerabilities and Exposures (CVE)

CVE-2026-20922

Feb 26, 2026 15:04:30 UTC

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.

CVE-2026-20923

Feb 26, 2026 15:04:29 UTC

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-0383

Feb 26, 2026 15:04:29 UTC

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.

CVE-2026-20924

Feb 26, 2026 15:04:29 UTC

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2025-9711

Feb 26, 2026 15:04:29 UTC

A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.

CVE-2026-20926

Feb 26, 2026 15:04:29 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-67848

Feb 26, 2026 15:04:29 UTC

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce...

CVE-2026-20934

Feb 26, 2026 15:04:28 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-67849

Feb 26, 2026 15:04:28 UTC

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised p...

CVE-2026-20938

Feb 26, 2026 15:04:28 UTC

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVE-2025-67850

Feb 26, 2026 15:04:28 UTC

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code...

CVE-2026-20940

Feb 26, 2026 15:04:28 UTC

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-1814

Feb 26, 2026 15:04:28 UTC

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password w...

CVE-2026-20943

Feb 26, 2026 15:04:27 UTC

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

Page: 234