CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-42978
High

A race condition in Windows Push Notifications allows for concurrent execution using shared resources with improper synchronization. This enables an authorized attacker to elevate privileges locally.

CVE-2026-42977
High

A race condition in Windows Push Notifications allows for concurrent execution using shared resources with improper synchronization. This enables an authorized attacker to elevate privileges locally.

CVE-2026-42974
High

An integer overflow or wraparound vulnerability exists in the Windows Performance Monitor component. It allows an unauthenticated attacker to execute code remotely over the network.

CVE-2026-42916
High

An integer overflow or wraparound vulnerability in the Windows NT OS Kernel allows an authenticated attacker to elevate privileges locally.

CVE-2026-42913
High

A race condition in the Remote Desktop Client due to improper synchronization of shared resources allows an unauthorized attacker to execute code over the network.

CVE-2026-42912
High

In Windows Telephony Service, there is a concurrent execution issue using shared resources with improper synchronization, leading to a race condition. This allows an authorized attacker to elevate privileges locally.

CVE-2026-42911
High

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-42910
High

An out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

CVE-2026-42909
High

A race condition vulnerability exists in the Remote Desktop Client due to improper synchronization of shared resources. This allows an unauthorized attacker to execute code remotely over a network.

CVE-2026-42908
High

An out-of-bounds read vulnerability in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-42905
High

A use after free vulnerability in the Windows DWM Core Library allows an authorized attacker to locally elevate privileges.

CVE-2026-42902
High

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

CVE-2026-42837
High

An out-of-bounds read vulnerability in the Windows Projected File System Filter Driver allows an authenticated attacker to elevate privileges locally. This flaw can be exploited to gain higher-level access on the affected system.

CVE-2026-42836
High

A race condition in Function Discovery Service (fdwsd.dll) allows an authorized attacker to locally elevate privileges due to improper synchronization during concurrent execution using shared resources.

CVE-2026-42835
High

Microsoft Teams for Android has improper neutralization of special elements in output, allowing an authorized attacker to disclose information over a network.

CVE-2026-42829
High

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

CVE-2026-42828
High

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-42765
High

The vulnerability occurs when partial-chain certificate verification is enabled along with OCSP response checking for the entire chain. If there is no self-signed trusted anchor, a NULL pointer dereference occurs, crashing the process.

CVE-2026-42764
High

Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled, leading to abnormal termination of the server process and Denial of Service.

CVE-2026-42570
High

The Svelte devalue library in versions 5.6.3 through 5.8.0 contains a vulnerability that causes excessive memory consumption when deserializing sparse arrays. This is due to quirks in some JavaScript engines that may allocate more memory than needed.

PreviousPage 171 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS