Common Vulnerabilities and Exposures (CVE)
CVE-2026-20871
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-0659
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of ...
CVE-2026-20873
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20098
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. ...
CVE-2026-20874
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-0538
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2026-20929
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
CVE-2026-0537
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2026-20931
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-0661
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2026-20948
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-0660
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2026-20949
Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-0662
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
CVE-2026-20950
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.