Latest CVE Feed
-
8.8
HIGHCVE-2025-30276
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following versi... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21232
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-30269
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vul... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
7.0
HIGHCVE-2026-21234
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Race Condition
-
7.3
HIGHCVE-2026-21235
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2012_r2 +1 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21236
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2026-21237
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Race Condition
-
9.6
CRITICALCVE-2024-5386
In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. The vulnera... Read more
Affected Products : lunary- Published: Feb. 02, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-21238
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-21239
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-30266
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21240
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-36009
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
7.0
HIGHCVE-2026-21241
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-36424
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36427
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
7.0
HIGHCVE-2026-21242
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-21247
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-21245
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-21244
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption