Latest CVE Feed
-
7.8
HIGHCVE-2024-44238
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory.... Read more
- Published: Jan. 16, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-1283
A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a spe... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-23719
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an at... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-23720
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an ... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-48647
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i... Read more
Affected Products : android- Published: Jan. 16, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-15319
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.... Read more
Affected Products : endpoint_patch- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-21277
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a ... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-20957
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-25880
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads t... Read more
Affected Products : sumatrapdf- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2026-21344
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21240
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2026-20864
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-21509
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2016 office_2024 office_2021 office_2019- Actively Exploited
- Published: Jan. 26, 2026
- Modified: Feb. 11, 2026
-
7.8
HIGHCVE-2026-20870
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20817
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20816
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20950
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
7.8
HIGHCVE-2026-20938
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.8
HIGHCVE-2026-20922
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.8
HIGHCVE-2026-20859
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026