By severity
High-severity vulnerabilities
CVEs rated High by CVSS, with SEC.co remediation and prioritization guidance.
1343 published vulnerabilities · page 14 of 14
- CVE-2026-46230HIGH 7.1
A boundary-checking flaw in the Linux kernel's AMD GPU video codec driver (VCN3) allows a local user with moderate privileges to read memory beyond allocated buffer boundaries when the driver processes video decoding messages. This out-of-bounds read could expose sensitive kernel memory or crash the system. The vulnerability requires local access and existing user-level permissions to trigger.
- CVE-2026-46243HIGH 7.1
A Linux kernel vulnerability allows unprivileged local users to manipulate CIFS (Common Internet File System) authentication credentials by creating spoofed credential requests. The vulnerability exists because the kernel's SMB client accepts cifs.spnego key descriptions that contain sensitive fields—like process ID, user ID, and credential UID—regardless of whether those fields come from the kernel itself or from untrusted userspace. An attacker with local access can forge these fields to impersonate legitimate credential requests, potentially gaining unauthorized access to network resources or intercepting authentication flows. The fix restricts acceptance of cifs.spnego keys only when they originate from the kernel's own credential handler.
- CVE-2026-46293HIGH 7.1
A Linux kernel vulnerability exists in the Microchip PolarFire SoC clock controller driver where the software attempts to write data to memory locations outside the bounds of an allocated array during clock output registration. Specifically, when the driver registers the last two clock outputs, it accesses array indices that were never allocated, corrupting adjacent memory. This occurs because the code defines space for two PLLs and their outputs but fails to properly offset the array indices when handling DLL (Delay-Locked Loop) outputs that the driver doesn't actually support. An attacker with local access can exploit this to read sensitive kernel memory or cause a denial of service.
- CVE-2026-46321HIGH 7.1
A memory leak vulnerability exists in the Linux kernel's TUN device driver. When a frame shorter than the Ethernet header minimum is rejected, the kernel fails to release allocated memory pages. An attacker with local access to /dev/net/tun and /dev/vhost-net can exploit this by repeatedly sending undersized frames through a vhost-net backend, exhausting system memory and potentially causing the host to crash.
- CVE-2026-46322HIGH 7.1
A memory leak exists in the Linux kernel's TUN network device driver. When the kernel attempts to construct a network packet (skb) from XDP program data and that construction fails, it doesn't properly release a memory page that was allocated earlier in the process. This causes a small chunk of memory to leak each time this failure occurs. In batch processing scenarios—common in virtual networking—multiple failures can accumulate, gradually consuming system memory and potentially degrading performance or availability.
- CVE-2026-46657HIGH 7.1
Bludit, a content management system, contains a flaw in how it handles user account deactivation. When an administrator disables a user account, the system fails to clear the authentication tokens stored locally. This means a user who previously selected "Remember Me" can continue accessing the system even after their account has been disabled by an administrator. The vulnerability requires the attacker to have had legitimate access before being deactivated, but once disabled, they can maintain that access indefinitely unless the underlying token data is manually cleared.
- CVE-2026-47288HIGH 7.1
CVE-2026-47288 is a high-severity integer overflow vulnerability in Windows Kerberos authentication that allows an authenticated attacker on an adjacent network to execute arbitrary code with system-level privileges. The flaw resides in how Kerberos handles certain numeric calculations, causing a wraparound condition that can be exploited to bypass security checks and inject malicious code. An attacker must already have valid credentials and network proximity to the target, which limits the immediate blast radius but makes this a serious concern for domain environments where lateral movement is a known threat model.
- CVE-2026-4776HIGH 7.1
Mautic, a popular marketing automation platform, contains an SQL injection flaw in its API that allows authenticated users to execute unauthorized database queries. The vulnerability stems from incomplete filtering of nested query parameters in the contact filtering API—an attacker with valid API credentials can craft specially formed requests to bypass safety checks and inject SQL commands directly into database queries. This could lead to unauthorized data access or limited system disruption, though the attacker must already have valid API authentication.
- CVE-2026-48209HIGH 7.1
OTRS ticket management systems contain a reflected cross-site scripting (XSS) vulnerability in how they handle user input during ticket operations. An attacker can craft a malicious URL containing JavaScript code and trick an authenticated agent into clicking it. When opened, the script executes within the agent's browser session, potentially allowing the attacker to steal session tokens, modify tickets, or perform actions on behalf of that agent. The attack requires social engineering to deliver the link but does not require the attacker to have direct system access.
- CVE-2026-48507HIGH 7.1
Snipe-IT, a popular IT asset and license management system, has a privilege escalation flaw that lets low-privileged users with basic editing permissions lock all administrators out of the system. A user granted only the `users.edit` permission can disable admin accounts by toggling login flags and blocking password reset options, effectively taking control of the instance. The vulnerability affects all versions before 8.6.0 and is fixed in that release.
- CVE-2026-48827HIGH 7.1
Apache MINA SSHD's sshd-git module contains a path traversal vulnerability that allows SSH-authenticated users to access git repositories and perform git operations (upload-pack, receive-pack, and others) outside the configured git server root directory. An attacker with valid SSH credentials can escape the intended directory boundary and potentially read or modify repositories they should not have access to. This affects only applications explicitly using the sshd-git component; standard SSHD deployments without sshd-git are unaffected.
- CVE-2026-48839HIGH 7.1
A cross-site scripting (XSS) vulnerability exists in VeronaLabs WP Statistics plugin versions up to 14.16.6. The flaw allows attackers to inject malicious scripts that execute in a user's browser when they interact with a compromised page. Unlike traditional XSS attacks that rely on server-side injection, this variant operates at the DOM (Document Object Model) level, meaning the vulnerability stems from how the plugin processes user input on the client side. An attacker could craft a malicious link or embed code that, when visited by a site administrator or editor, steals session tokens, modifies page content, or performs actions on their behalf.
- CVE-2026-48865HIGH 7.1
ThimPress LearnPress, a popular WordPress learning management plugin, contains a reflected cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. An attacker can craft a malicious URL and trick a user into clicking it, causing the victim's browser to execute arbitrary JavaScript in the context of the LearnPress application. This could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user.
- CVE-2026-49134HIGH 7.1
CodexBar versions before 0.32.0 contain a local privilege escalation flaw in the CLI installer. An attacker with access to the same system can intercept and modify the installer's temporary files during the installation process, tricking the system into running malicious commands with root-level privileges. This requires the attacker to be on the same machine and to time their interference with an active installation, but once successful, grants complete system control.
- CVE-2026-49135HIGH 7.1
CodexBar versions before 0.32.0 have a serious flaw in how they handle temporary files during the app release and notarization process. An attacker with access to the same machine can steal the App Store Connect API credentials or sabotage the build artifacts before they're submitted to Apple. The vulnerability exists because CodexBar writes sensitive files to predictable, fixed locations that any local user can read or manipulate.
- CVE-2026-49141HIGH 7.1
WACRM contains an authorization flaw that allows someone with valid login credentials to view and change contact records from other customers. The vulnerability exists in the automation engine and doesn't properly verify that the attacker owns the contact they're modifying. An attacker needs only to know a contact's ID number to change things like names, email addresses, and company information across different customer accounts.
- CVE-2026-49371HIGH 7.1
JetBrains TeamCity versions prior to 2026.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the keyword filter feature. An attacker can craft a malicious URL containing unsanitized input that, when visited by a TeamCity user, executes arbitrary JavaScript in the victim's browser within the context of the TeamCity application. This allows session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
- CVE-2026-49373HIGH 7.1
JetBrains TeamCity versions prior to 2026.1 contain a remote code execution vulnerability accessible through the Perforce connection configuration interface. An authenticated user with permissions to modify Perforce settings can execute arbitrary code on the TeamCity server. This requires valid credentials and access to TeamCity's configuration features, but does not require user interaction or special system conditions once access is gained.
- CVE-2026-8035HIGH 7.1
CVE-2026-8035 is a denial-of-service vulnerability in National Instruments' PAL kernel driver that allows authenticated local users to crash the system. The flaw stems from inadequate input validation that fails to check for NULL pointers before dereferencing them in memory. An attacker with local system access can exploit this by supplying malformed input to the driver, causing an immediate kernel panic. The vulnerability affects NI-PAL version 26.3.0 and all earlier releases across both Windows and Linux platforms.
- CVE-2026-8036HIGH 7.1
NI-PAL, National Instruments' process abstraction layer, contains an input validation flaw that allows authenticated local users to read and modify arbitrary memory regions on affected systems. An attacker with local access could exploit this to escalate their privileges. The vulnerability affects NI-PAL version 26.3.0 and earlier on both Windows and Linux platforms.
- CVE-2026-8874HIGH 7.1
Securly Chrome Extension version 3.0.7 downloads security configuration files—specifically crisis alert keywords and filtering rules—over plain HTTP instead of the encrypted HTTPS protocol. While the same extension correctly uses HTTPS for other sensitive data (IWF and CIPA filtering data), this inconsistency leaves downloaded crisis alert configurations vulnerable to interception and modification by network-positioned attackers. An attacker on the same network could intercept these files and inject malicious keywords or rules, potentially disrupting the extension's security functionality or causing it to behave unexpectedly.
- CVE-2026-9808HIGH 7.1
Mautic 7's API has a flaw where user permission restrictions aren't being honored properly. Specifically, permissions designed to let users only see or edit their own resources (called 'owner-scope' restrictions) are being bypassed. An attacker with low-level API access can exploit this to view or modify other users' data, even though they shouldn't have that permission.
- CVE-2026-34335HIGH 7.0
A use-after-free memory vulnerability exists in Windows Ancillary Function Driver for WinSock (AFD.sys), affecting Windows 10 and Windows 11 across multiple versions, as well as Windows Server 2012 through 2025. An authenticated local attacker can exploit this flaw to escalate their privileges to SYSTEM level. The vulnerability requires local access and specific conditions to trigger, but once exploited, grants complete control over the affected system.
- CVE-2026-41108HIGH 7.0
A memory safety flaw in Windows DNS could allow someone with local system access to break out of normal restrictions and gain full control of the computer. The vulnerability exists because DNS processes input in a way that can overflow a memory buffer, and an attacker positioned locally—such as a low-privilege user or service—could exploit this to run code with elevated permissions. This is not a remote vulnerability, but it poses a significant risk in multi-user or shared-system environments.
- CVE-2026-42836HIGH 7.0
A race condition in Windows' Function Discovery Service (fdwsd.dll) allows a user already logged into a machine to escalate their privileges to administrator level. The vulnerability exists because the service does not properly synchronize access to shared resources when multiple processes run concurrently, creating a narrow window where an attacker can manipulate the process. An authorized user would need local access and specific timing to exploit this, but successful exploitation grants full system-level permissions.
- CVE-2026-42911HIGH 7.0
A use-after-free memory vulnerability exists in Windows' Ancillary Function Driver for WinSock (AFD.sys). An attacker who already has local access to a machine can exploit this flaw to gain elevated privileges, potentially running code with system-level permissions. The vulnerability requires specific conditions to trigger—it is not trivially exploitable—but once successful grants significant control over the affected system.
- CVE-2026-42912HIGH 7.0
A race condition in Windows Telephony Service allows an attacker who already has local user access to exploit improper synchronization of shared resources and gain system-level privileges. The vulnerability requires the attacker to perform specific timing-dependent actions during concurrent operations—making it moderately difficult to exploit in practice, but reliably escalatable once triggered. No user interaction is required beyond the attacker's ability to run code as a local user.
- CVE-2026-42984HIGH 7.0
A use-after-free memory vulnerability exists in the Windows Kernel that allows an authorized local user to escalate their privileges to a higher level of access. An attacker with standard user permissions could exploit this flaw to gain system-level control on an affected machine. The vulnerability requires local access and specific conditions to trigger, but successful exploitation would grant complete compromise of the target system.
- CVE-2026-44604HIGH 7.0
A flaw in RPM's archive extraction tool allows an attacker to run arbitrary commands on a system by crafting a malicious archive with shell metacharacters embedded in its folder name. When a user extracts such an archive using the rpmuncompress utility, the unsanitized folder name is passed directly into a shell command, enabling code execution with the privileges of the extracting user. The vulnerability affects ZIP, 7z, and GEM archive formats.
- CVE-2026-44818HIGH 7.0
A race condition vulnerability in Microsoft Office Excel could allow an attacker to execute code on a user's computer. The flaw arises from improper synchronization when multiple processes access shared resources simultaneously. An attacker would need to trick a user into opening a malicious Excel file, but once triggered, the vulnerability can grant full control over the affected system. The vulnerability affects multiple versions of Excel and Office across 365 subscriptions, on-premises deployments, and older perpetual licenses.
- CVE-2026-45596HIGH 7.0
A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD) allows an authenticated attacker to elevate their privileges on a local system. The vulnerability requires the attacker to already have user-level access and involves a race condition during memory management. Successfully exploiting it grants the attacker full system-level control.
- CVE-2026-45597HIGH 7.0
A race condition vulnerability in Windows UI Automation Manager allows an authorized local user to escalate privileges on affected systems. The flaw arises from improper synchronization when multiple processes access shared resources simultaneously. An attacker with existing local access can exploit timing windows to gain system-level privileges. This is not a remote vulnerability and requires prior authentication or local access, which narrows but does not eliminate the risk in shared computing environments.
- CVE-2026-45598HIGH 7.0
A race condition in Windows' Ancillary Function Driver for WinSock (AFD.sys) allows an attacker who already has local access to a system to escalate their privileges to a higher level. The vulnerability stems from improper synchronization when the driver handles shared resources, meaning that under specific timing conditions, an attacker can exploit the flaw to gain elevated permissions. This is not a remote attack—the attacker must already have a foothold on the machine, such as a low-privileged user account or compromised application context.
- CVE-2026-45601HIGH 7.0
A race condition in the Windows Ancillary Function Driver for WinSock allows someone already logged into a Windows system to escalate their privileges to a higher level of access. The vulnerability arises from improper synchronization of shared resources, meaning two processes can interfere with each other when accessing the same data simultaneously. An attacker with local user privileges can exploit this timing-dependent flaw to gain elevated system rights, though doing so requires specific conditions and is not trivial to reproduce reliably.
- CVE-2026-45603HIGH 7.0
A race condition vulnerability exists in Windows' Ancillary Function Driver for WinSock (AFD) that allows an authorized local user to escalate privileges to a higher level on the system. The flaw arises from improper synchronization when multiple processes access a shared resource simultaneously, creating a narrow window of opportunity for an attacker to manipulate the driver's behavior. An authenticated user with basic local access can exploit this to gain elevated privileges, potentially achieving full system compromise. This is not a remote vulnerability and requires the attacker already has some level of access to the target machine.
- CVE-2026-45640HIGH 7.0
A use-after-free vulnerability in the Windows Bluetooth Port Driver permits a user with local system access to escalate their privileges to a higher level. The flaw exists because the driver fails to properly manage memory when Bluetooth port operations conclude, leaving a freed memory region accessible for malicious manipulation. An attacker must already have some level of local authentication and user rights to exploit this issue, but successful exploitation grants full system control.
- CVE-2026-45653HIGH 7.0
A heap-based buffer overflow vulnerability in the Windows Kernel allows a user with local system access to overflow a memory buffer, enabling them to execute code with elevated privileges. The attack requires an authenticated user account and moderate technical effort to exploit, but if successful grants attacker control over the affected system. This is a local privilege escalation issue, not a remote attack vector.
- CVE-2026-46154HIGH 7.0
A race condition exists in the Linux kernel's scheduler extension (sched_ext) cgroup interface that can lead to use-after-free memory access. When system administrators adjust cgroup scheduling parameters like weight, idle status, or bandwidth, the kernel reads a pointer to the scheduler without proper synchronization. If another process simultaneously disables and re-enables a different scheduler, the cached pointer becomes stale and points to freed memory. When the original operation tries to use this pointer, it dereferences already-freed kernel memory, potentially allowing local privilege escalation.
- CVE-2026-46164HIGH 7.0
A memory management bug in the Linux kernel's Btrfs filesystem can cause the same memory region to be freed twice when a sysfs initialization step fails. This double-free condition can lead to memory corruption and potentially allow an attacker with local access to crash the system or execute code with elevated privileges. The issue occurs in error handling code that wasn't properly coordinated between two layers of the filesystem's initialization logic.
- CVE-2026-46299HIGH 7.0
CVE-2026-46299 is a lock-handling bug in the Linux kernel's HFS+ filesystem driver that can allow a local attacker with moderate privileges to crash the system or potentially escalate privileges. The vulnerability occurs during filesystem mount when the code acquires a lock but fails to release it properly if certain filename validation steps fail. This causes the system to detect a memory leak while a critical lock is still held, triggering a kernel warning and potential system instability.
- CVE-2026-46309HIGH 7.0
CVE-2026-46309 is a memory access control flaw in the Linux kernel's GPU driver (xe) that can leak sensitive data. When a privileged process uses a low-coherency GPU memory mode on CPU-cached buffers, the GPU can bypass CPU caches and read stale data directly from RAM—including sensitive information from previously freed memory of other processes. The fix validates GPU memory configuration requests to prevent this dangerous combination.
- CVE-2026-47293HIGH 7.0
A use-after-free vulnerability exists in Microsoft Office's Click-To-Run installation and update mechanism. An attacker with valid credentials on a local machine can exploit a memory management flaw to gain elevated (administrator) privileges. This is not a remote vulnerability—it requires an authorized user account and local access—but the privilege escalation risk makes it a meaningful threat in environments where credential compromise or insider activity is a concern.
- CVE-2026-47648HIGH 7.0
CVE-2026-47648 is a privilege escalation vulnerability in Windows Storage that affects multiple versions of Windows 10, Windows 11, and Windows Server. An authorized local user can exploit an untrusted search path flaw to gain elevated privileges on a compromised system. The vulnerability requires local access and user interaction is not needed, but exploitation depends on specific system conditions. With a CVSS score of 7.0 (HIGH), this poses a meaningful risk to environments where local account compromise is plausible.