Common Vulnerabilities and Exposures (CVE)

CVE-2026-23673

Jun 19, 2026 18:17:25 UTC

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-23672

Jun 19, 2026 18:17:25 UTC

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

CVE-2026-23671

Jun 19, 2026 18:17:24 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-23669

Jun 19, 2026 18:17:23 UTC

Use after free in RPC Runtime allows an authorized attacker to execute code over a network.

CVE-2026-23668

Jun 19, 2026 18:17:23 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-23667

Jun 19, 2026 18:17:22 UTC

Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.

CVE-2026-23664

Jun 19, 2026 18:17:21 UTC

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-23660

Jun 19, 2026 18:17:20 UTC

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVE-2026-21262

Jun 19, 2026 18:17:19 UTC

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-49293

Jun 19, 2026 18:14:20 UTC

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accum...

CVE-2026-49288

Jun 19, 2026 18:11:53 UTC

Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, ass...

CVE-2026-49291

Jun 19, 2026 17:59:48 UTC

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that ...

CVE-2023-54357

Jun 19, 2026 17:52:06 UTC

Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET r...

CVE-2019-25762

Jun 19, 2026 17:48:44 UTC

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with op...

CVE-2026-56211

Jun 19, 2026 17:47:00 UTC

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video f...