|
761
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42903
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
762
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
New
|
CWE-285
Improper Authorization
|
CVE-2026-42902
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
763
|
7.8 |
HIGH
Local
|
-
|
-
|
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42837
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
764
|
7.0 |
HIGH
Local
|
-
|
-
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
New
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2026-42836
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
765
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
New
|
CWE-74
Injection
|
CVE-2026-42835
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
766
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
New
|
CWE-284
Improper Access Control
|
CVE-2026-42829
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
767
|
7.8 |
HIGH
Local
|
-
|
-
|
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
New
|
CWE-126
Buffer Over-read
|
CVE-2026-42828
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
768
|
- |
|
-
|
-
|
Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42599
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
769
|
- |
|
-
|
-
|
Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42573
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
770
|
7.5 |
HIGH
Network
|
-
|
-
|
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to qu…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42570
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
