| Severity | Description | ||||||
|---|---|---|---|---|---|---|---|
| CVE-2026-59891 | Critical | 9.6 v3 | - | - | -No fix available yet | 2026-07-14 | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() reads credentials from the Docker config file and selects an entry by checking whether any configured auth key contains the target registry string. Because this is a substring match rather than an exact host match, credentials configured for one registry can be selected for and transmitted to a different registry whose hostname has a substring relationship with a configured auth key. This issue is fixed in version 0.7.1. |
| CVE-2026-59888 | Medium | 6.5 v3 | - | - | -No fix available yet | 2026-07-14 | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore because POJOPropertiesCollector._removeUnwantedIgnorals() records an ignored component under its original implicit name before _renameUsing() applies the naming strategy, allowing the renamed JSON key to be assigned to the Record constructor parameter. This issue is fixed in versions 2.18.8, 2.21.4, and 3.1.4. |
| CVE-2026-59886 | High | 7.5 v3 | - | - | -No fix available yet | 2026-07-14 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float conversion through prettyPrint(), str(), comparison, arithmetic, int(), or an explicit float() call to consume excessive CPU and memory and hang applications that decode untrusted ASN.1 data and then print, log, or compare decoded objects. This issue is fixed in version 0.6.4. |
| CVE-2026-59885 | High | 7.5 v3 | - | - | -No fix available yet | 2026-07-14 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode() call and can deny service to applications that decode untrusted ASN.1 data. The corresponding encoders have the same quadratic behavior when an application re-encodes previously decoded attacker-supplied values. This issue is fixed in version 0.6.4. |
| CVE-2026-59884 | High | 7.5 v3 | - | - | -No fix available yet | 2026-07-14 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4. |
| CVE-2026-59200 | High | 7.5 v3 | - | - | -No fix available yet | 2026-07-14 | Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size, allowing a crafted FlateDecode PDF stream to exhaust memory from a small file. This issue is fixed in version 12.3.0. |
| CVE-2026-59197 | High | 8.2 v3 | - | - | -No fix available yet | 2026-07-14 | Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0. |
| CVE-2026-58647 | High | 8.0 v3 | - | - | -No fix available yet | 2026-07-14 | Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-58644 | Critical | 9.8 v3 | - | - | -No fix available yet | 2026-07-14 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. |
| CVE-2026-58640 | High | 7.3 v3 | - | - | -No fix available yet | 2026-07-14 | Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. |
| CVE-2026-58636 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2026-58635 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Improper neutralization of special elements used in a command ('command injection') in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. |
| CVE-2026-58631 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally. |
| CVE-2026-58618 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-58614 | Medium | 5.5 v3 | - | - | -No fix available yet | 2026-07-14 | Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally. |
| CVE-2026-58610 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally. |
| CVE-2026-58609 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. |
| CVE-2026-58608 | High | 8.8 v3 | - | - | -No fix available yet | 2026-07-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network. |
| CVE-2026-58602 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-58601 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-58595 | High | 8.1 v3 | - | - | -No fix available yet | 2026-07-14 | Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-58526 | High | 7.0 v3 | - | - | -No fix available yet | 2026-07-14 | Use after free in Windows Storage allows an authorized attacker to elevate privileges locally. |
| CVE-2026-58279 | Medium | 6.5 v3 | - | - | -No fix available yet | 2026-07-14 | Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-57979 | Medium | 6.5 v3 | - | - | -No fix available yet | 2026-07-14 | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-57976 | Medium | 6.5 v3 | - | - | -No fix available yet | 2026-07-14 | Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network. |
| CVE-2026-57969 | High | 8.8 v3 | - | - | -No fix available yet | 2026-07-14 | Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-57107 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally. |
| CVE-2026-57097 | Medium | 6.4 v3 | - | - | -No fix available yet | 2026-07-14 | Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2026-56193 | High | 7.1 v3 | - | - | -No fix available yet | 2026-07-14 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| CVE-2026-56185 | Medium | 6.5 v3 | - | - | -No fix available yet | 2026-07-14 | Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network. |
| CVE-2026-56170 | High | 7.5 v3 | - | - | -No fix available yet | 2026-07-14 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| CVE-2026-56169 | High | 8.1 v3 | - | - | -No fix available yet | 2026-07-14 | Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-56164 | Medium | 5.3 v3 | - | - | -No fix available yet | 2026-07-14 | Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-56155 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-55948 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-55899 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-55144 | High | 7.1 v3 | - | - | -No fix available yet | 2026-07-14 | Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally. |
| CVE-2026-55014 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally. |
| CVE-2026-55012 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally. |
| CVE-2026-55011 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally. |
| CVE-2026-55009 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-55008 | Critical | 9.6 v3 | - | - | -No fix available yet | 2026-07-14 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-55006 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-55005 | High | 8.8 v3 | - | - | -No fix available yet | 2026-07-14 | Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network. |
| CVE-2026-55004 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally. |
| CVE-2026-55003 | Medium | 6.5 v3 | - | - | -No fix available yet | 2026-07-14 | Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-55002 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-55001 | High | 7.8 v3 | - | - | -No fix available yet | 2026-07-14 | Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally. |
| CVE-2026-55000 | Medium | 6.4 v3 | - | - | -No fix available yet | 2026-07-14 | Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. |
| CVE-2026-54999 | High | 8.8 v3 | - | - | -No fix available yet | 2026-07-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network. |
- CriticalCVSS 9.6 v3·EPSS -·No fix yet
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() reads credentials from the Docker config file and selects an entry by checking whether any configured auth key contains the target registry string. Because this is a substring match rather than an exact host match, credentials configured for one registry can be selected for and transmitted to a different registry whose hostname has a substring relationship with a configured auth key. This issue is fixed in version 0.7.1.
Published 2026-07-14
- MediumCVSS 6.5 v3·EPSS -·No fix yet
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore because POJOPropertiesCollector._removeUnwantedIgnorals() records an ignored component under its original implicit name before _renameUsing() applies the naming strategy, allowing the renamed JSON key to be assigned to the Record constructor parameter. This issue is fixed in versions 2.18.8, 2.21.4, and 3.1.4.
Published 2026-07-14
- HighCVSS 7.5 v3·EPSS -·No fix yet
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float conversion through prettyPrint(), str(), comparison, arithmetic, int(), or an explicit float() call to consume excessive CPU and memory and hang applications that decode untrusted ASN.1 data and then print, log, or compare decoded objects. This issue is fixed in version 0.6.4.
Published 2026-07-14
- HighCVSS 7.5 v3·EPSS -·No fix yet
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode() call and can deny service to applications that decode untrusted ASN.1 data. The corresponding encoders have the same quadratic behavior when an application re-encodes previously decoded attacker-supplied values. This issue is fixed in version 0.6.4.
Published 2026-07-14
- HighCVSS 7.5 v3·EPSS -·No fix yet
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.
Published 2026-07-14
- HighCVSS 7.5 v3·EPSS -·No fix yet
Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size, allowing a crafted FlateDecode PDF stream to exhaust memory from a small file. This issue is fixed in version 12.3.0.
Published 2026-07-14
- HighCVSS 8.2 v3·EPSS -·No fix yet
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0.
Published 2026-07-14
- HighCVSS 8.0 v3·EPSS -·No fix yet
Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network.
Published 2026-07-14
- CriticalCVSS 9.8 v3·EPSS -·No fix yet
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
Published 2026-07-14
- HighCVSS 7.3 v3·EPSS -·No fix yet
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Improper neutralization of special elements used in a command ('command injection') in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published 2026-07-14
- MediumCVSS 5.5 v3·EPSS -·No fix yet
Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 8.8 v3·EPSS -·No fix yet
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport Driver allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 8.1 v3·EPSS -·No fix yet
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.
Published 2026-07-14
- HighCVSS 7.0 v3·EPSS -·No fix yet
Use after free in Windows Storage allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- MediumCVSS 6.5 v3·EPSS -·No fix yet
Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
Published 2026-07-14
- MediumCVSS 6.5 v3·EPSS -·No fix yet
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Published 2026-07-14
- MediumCVSS 6.5 v3·EPSS -·No fix yet
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
Published 2026-07-14
- HighCVSS 8.8 v3·EPSS -·No fix yet
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- MediumCVSS 6.4 v3·EPSS -·No fix yet
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
Published 2026-07-14
- HighCVSS 7.1 v3·EPSS -·No fix yet
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Published 2026-07-14
- MediumCVSS 6.5 v3·EPSS -·No fix yet
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
Published 2026-07-14
- HighCVSS 7.5 v3·EPSS -·No fix yet
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Published 2026-07-14
- HighCVSS 8.1 v3·EPSS -·No fix yet
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Published 2026-07-14
- MediumCVSS 5.3 v3·EPSS -·No fix yet
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 7.1 v3·EPSS -·No fix yet
Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- CriticalCVSS 9.6 v3·EPSS -·No fix yet
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 8.8 v3·EPSS -·No fix yet
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- MediumCVSS 6.5 v3·EPSS -·No fix yet
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- HighCVSS 7.8 v3·EPSS -·No fix yet
Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally.
Published 2026-07-14
- MediumCVSS 6.4 v3·EPSS -·No fix yet
Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
Published 2026-07-14
- HighCVSS 8.8 v3·EPSS -·No fix yet
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network.
Published 2026-07-14
Free CVE lookup by TridentStack Control, automated patching for Windows, macOS, and Linux fleets. Learn more·Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.