Latest CVE Feed
-
7.8
HIGHCVE-2020-36933
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.... Read more
Affected Products :- Published: Jan. 25, 2026
- Modified: Jan. 25, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-20859
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20816
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20976
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.... Read more
Affected Products : galaxy_store- Published: Jan. 09, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2021-47879
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2020-36936
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in t... Read more
Affected Products :- Published: Jan. 25, 2026
- Modified: Jan. 25, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-15150
A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in ... Read more
Affected Products : px4_drone_autopilot- Published: Dec. 28, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20822
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +3 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2025-47396
Memory corruption occurs when a secure application is launched on a device with insufficient memory.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-68973
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)... Read more
Affected Products : gnupg- Published: Dec. 28, 2025
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-15413
A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public an... Read more
Affected Products : wasm3- Published: Jan. 01, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20860
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2025-47339
Memory corruption while deinitializing a HDCP session.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2021-47867
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\Schedu... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-20831
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-21307
Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim... Read more
Affected Products : substance_3d_designer- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47348
Memory corruption while processing identity credential operations in the trusted application.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2021-47861
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in spe... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-47394
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2021-47864
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Path Traversal