Common Vulnerabilities and Exposures (CVE)
CVE-2017-20272
Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_selectuser_id parameter. Attackers can send GET...
CVE-2026-3195
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This...
CVE-2026-3196
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denia...
CVE-2017-20271
Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index....
CVE-2017-20270
Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET reques...
CVE-2017-20269
Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to ...
CVE-2026-32177
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35433
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-33841
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-47294
Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33840
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-45585
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We ...
CVE-2026-21530
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-41100
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.