Total
179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21232 | 1 Microsoft | 5 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21250 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows Server 2022 23h2 and 1 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2021-26410 | 2026-02-10 | N/A | N/A | ||
|
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.
|
|||||
| CVE-2025-47387 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2026-01-28 | N/A | 7.8 HIGH |
|
Memory Corruption when processing IOCTLs for JPEG data without verification.
|
|||||
| CVE-2025-47380 | 1 Qualcomm | 28 Fastconnect 7800, Fastconnect 7800 Firmware, Qcc2072 and 25 more | 2026-01-27 | N/A | 7.8 HIGH |
|
Memory corruption while preprocessing IOCTLs in sensors.
|
|||||
| CVE-2025-59959 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-23 | N/A | 5.5 MEDIUM |
|
An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).
When the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart.
'show route ... extensive' is not affected.
...
Show More |
|||||
| CVE-2026-20948 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2026-01-16 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2026-20940 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2026-01-16 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20938 | 1 Microsoft | 3 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 | 2026-01-16 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20935 | 1 Microsoft | 3 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 | 2026-01-16 | N/A | 6.2 MEDIUM |
|
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2026-20857 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-01-15 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20819 | 1 Microsoft | 3 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 | 2026-01-14 | N/A | 5.5 MEDIUM |
|
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-20811 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-01-14 | N/A | 7.8 HIGH |
|
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20955 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-01-14 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2026-20956 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-01-14 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-47343 | 1 Qualcomm | 50 Cologne, Cologne Firmware, Fastconnect 6700 and 47 more | 2026-01-12 | N/A | 7.8 HIGH |
|
Memory corruption while processing a video session to set video parameters.
|
|||||
| CVE-2025-52516 | 1 Samsung | 12 Exynos 1330, Exynos 1330 Firmware, Exynos 1380 and 9 more | 2026-01-09 | N/A | 6.2 MEDIUM |
|
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.
|
|||||
| CVE-2024-23136 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-12-31 | N/A | 7.8 HIGH |
|
A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
|
|||||
| CVE-2025-62549 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-12-24 | N/A | 8.8 HIGH |
|
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-47325 | 1 Qualcomm | 88 Csr8811, Csr8811 Firmware, Ipq8070 and 85 more | 2025-12-23 | N/A | 6.5 MEDIUM |
|
Information disclosure while processing system calls with invalid parameters.
|
|||||
| CVE-2025-62556 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-12-10 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-62560 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-12-10 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-62561 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-12-10 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-20090 | 1 Intel | 1 Quickassist Technology | 2025-12-05 | N/A | 5.5 MEDIUM |
|
Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2025-27710 | 1 Intel | 1 Quickassist Technology | 2025-11-26 | N/A | 6.5 MEDIUM |
|
Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an information disclosure. System software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (h ...
Show More |
|||||
| CVE-2025-32446 | 1 Intel | 1 Quickassist Technology | 2025-11-26 | N/A | 6.5 MEDIUM |
|
Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confid ...
Show More |
|||||
| CVE-2025-54114 | 1 Microsoft | 10 Windows 10 1607, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-11-21 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-24990 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-18 | N/A | 7.8 HIGH |
|
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
|
|||||
| CVE-2025-60728 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-11-17 | N/A | 4.3 MEDIUM |
|
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-62200 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-17 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-60708 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-11-17 | N/A | 6.5 MEDIUM |
|
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.
|
|||||
| CVE-2025-60703 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-11-17 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-60713 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-11-17 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-60719 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-11-17 | N/A | 7.0 HIGH |
|
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-54331 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-11-07 | N/A | 5.3 MEDIUM |
|
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
|
|||||
| CVE-2025-59187 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-05 | N/A | 7.8 HIGH |
|
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-27048 | 1 Qualcomm | 36 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 33 more | 2025-11-05 | N/A | 7.8 HIGH |
|
Memory corruption while processing camera platform driver IOCTL calls.
|
|||||
| CVE-2025-47338 | 1 Qualcomm | 36 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 33 more | 2025-11-05 | N/A | 7.8 HIGH |
|
Memory corruption while processing escape commands from userspace.
|
|||||
| CVE-2024-36461 | 1 Zabbix | 1 Zabbix | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
|
|||||
| CVE-2023-42772 | 2025-11-03 | N/A | 8.2 HIGH | ||
|
Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||