Latest CVE Feed
-
7.8
HIGHCVE-2026-21232
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-15310
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.... Read more
Affected Products : endpoint_patch- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-1283
A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a spe... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-15062
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerab... Read more
Affected Products : sketchup- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.8
HIGHCVE-2025-67264
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching... Read more
Affected Products : note59_pro\+_firmware note59_pro\+ note59_pro_firmware note59_pro note59_firmware note59- Published: Jan. 23, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-41727
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2026-24875
Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-15350
Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required t... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.8
HIGHCVE-2025-46691
Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-24856
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigne... Read more
Affected Products : iccdev- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21259
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-1361
ASDA-Soft Stack-based Buffer Overflow Vulnerability... Read more
Affected Products : asda_soft- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20412
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21509
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2016 office_2024 office_2021 office_2019- Actively Exploited
- Published: Jan. 26, 2026
- Modified: Feb. 11, 2026
-
7.8
HIGHCVE-2026-21231
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-63421
An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
-
7.8
HIGHCVE-2025-48503
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-26264
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash (DoS). T... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2026-26208
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with ... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2026-25676
The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Misconfiguration