|
1251
|
7.0 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
|
CWE-362
Race Condition
|
CVE-2026-42912
|
2026-06-12 04:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1252
|
7.0 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
CWE-416
Use After Free
|
CVE-2026-42911
|
2026-06-12 04:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1253
|
7.8 |
HIGH
Local
|
microsoft
|
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
|
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-42910
|
2026-06-12 04:46 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1254
|
5.5 |
MEDIUM
Local
|
x.org
redhat
|
x_server
xwayland
enterprise_linux
|
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, le…
|
CWE-416
Use After Free
|
CVE-2026-50263
|
2026-06-12 04:46 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1255
|
7.1 |
HIGH
Local
|
samsung
|
assistant
|
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
|
NVD-CWE-noinfo
|
CVE-2026-21033
|
2026-06-12 04:43 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1256
|
7.1 |
HIGH
Local
|
samsung
|
assistant
|
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
|
NVD-CWE-noinfo
|
CVE-2026-21032
|
2026-06-12 04:42 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1257
|
6.5 |
MEDIUM
Network
|
erlang
|
erlang\/inets
erlang\/otp
ftp
|
Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address.
The ftp_internal:handle_ctrl_…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48858
|
2026-06-12 04:27 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1258
|
6.5 |
MEDIUM
Network
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
|
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
|
CWE-200
Information Exposure
|
CVE-2026-42907
|
2026-06-12 04:23 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1259
|
8.6 |
HIGH
Local
|
adobe
|
dreamweaver
|
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the curren…
|
NVD-CWE-noinfo
|
CVE-2026-47906
|
2026-06-12 04:22 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1260
|
6.3 |
MEDIUM
Local
|
adobe
|
dreamweaver
|
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to a…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-47907
|
2026-06-12 04:21 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
