Discover Vulnerabilities Now!

Vulnerabilities
---
Vendors
---
Products
---
Vulnerability Media Exposure
These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.
See more
CVE-2026-21533
HIGH

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_server_2012
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025
CVE-2026-21525
MEDIUM

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_server_2012
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025
CVE-2026-21519
HIGH

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025
CVE-2026-21513
HIGH

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_server_2012
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025
CVE-2026-21510
HIGH

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_server_2012
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025
Newly recorded security issues per week
Stay up to date! New information is added to our knowledge database every day. Here you can see the history of newly added vulnerabilities that have been added to our CVE DB in recent years.
Vulnerabilities by severity (over the last 7 days)
Information about the vulnerabilities of the last 7 days can be found here. As you can see, critical vulnerabilities are also added on a daily basis. Therefore, validate your current security situation sets on a daily basis to ensure the security of your IT.
CVSS Score Distribution
The CVSS score rates security vulnerabilities from 0 to 10, based on factors like attack vectors and impacts on confidentiality, integrity, and availability.
EPSS Score Distribution
The EPSS score predicts the likelihood of a known vulnerability being exploited, complementing CVSS by assessing real-world exploitability based on threat activity and exploit availability.
Latest Vulnerability Reports
The 10 most recently published CVE reports.

  • CVE-2026-2545

    LOW

    A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

  • CVE-2026-2544

    HIGH

    A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2026-2543

    LOW

    A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2026-2542

    HIGH

    A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. This attack is characterized by high complexity. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2026-2538

    HIGH

    A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2026-0929

    UNKNOWN

    The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.

  • CVE-2026-2537

    MEDIUM

    A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2026-2536

    MEDIUM

    A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

  • CVE-2026-2535

    MEDIUM

    A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2026-2534

    MEDIUM

    A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.