Latest CVE Feed
-
7.8
HIGHCVE-2026-21322
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute c... Read more
Affected Products : after_effects- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21318
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open ... Read more
Affected Products : after_effects- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21259
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
7.8
HIGHCVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21418
Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi... Read more
Affected Products : unity_operating_environment- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-21251
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_23h2 windows_server_2025- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21231
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +5 more products- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2026-20831
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20877
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-21246
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20865
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-21239
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-60865
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.... Read more
Affected Products : pc_helpsoft_driver_updater- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-21321
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim... Read more
Affected Products : after_effects- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-69875
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
7.8
HIGHCVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tam... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-20843
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2025-13455
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2026-0859
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue af... Read more
Affected Products : typo3- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authentication