Common Vulnerabilities and Exposures (CVE)
CVE-2026-2634
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firef...
CVE-2026-27572
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of he...
CVE-2026-21523
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2026-21518
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-26119
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-20841
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
CVE-2026-20846
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
CVE-2026-21222
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-21228
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
CVE-2026-21231
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21232
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21237
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-21238
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21239
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21241
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.