Common Vulnerabilities and Exposures (CVE)
CVE-2026-20808
Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.
CVE-2026-20805
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
CVE-2026-20804
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
CVE-2026-20965
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-20803
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-0386
Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-21265
Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality an...
CVE-2026-20962
Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.
CVE-2026-20045
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Ci...
CVE-2026-20620
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memo...
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed t...
CVE-2023-27533
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input s...
CVE-2020-6096
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter r...
CVE-2026-20636
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-25964
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permi...