The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2026-21245 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
    Published: February 10, 2026; 1:16:25 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-21244 - Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
    Published: February 10, 2026; 1:16:25 PM -0500

    V3.1: 7.3 HIGH

  • CVE-2026-21243 - Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
    Published: February 10, 2026; 1:16:25 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-24070 - During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is de...
    Published: February 02, 2026; 9:16:35 AM -0500

  • CVE-2026-24071 - It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler ...
    Published: February 02, 2026; 9:16:35 AM -0500

  • CVE-2026-21246 - Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
    Published: February 10, 2026; 1:16:26 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-15395 - IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allow users to view or access/perform actions beyond their expected capability.
    Published: February 02, 2026; 11:16:18 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-36253 - IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
    Published: February 02, 2026; 6:15:59 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-70958 - Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary JavaScript in the context of the user's browser via injecting a crafted payload into the dbuser, d...
    Published: February 02, 2026; 6:16:02 PM -0500

  • CVE-2025-70959 - A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
    Published: February 02, 2026; 6:16:02 PM -0500

  • CVE-2026-20846 - Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
    Published: February 10, 2026; 1:16:22 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-70960 - A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
    Published: February 02, 2026; 6:16:02 PM -0500

  • CVE-2026-23571 - A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated ...
    Published: January 29, 2026; 4:16:04 AM -0500

  • CVE-2025-59818 - This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
    Published: February 04, 2026; 6:16:01 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-23570 - A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via c...
    Published: January 29, 2026; 4:16:04 AM -0500

  • CVE-2026-21248 - Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
    Published: February 10, 2026; 1:16:26 PM -0500

    V3.1: 7.3 HIGH

  • CVE-2025-70997 - A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.
    Published: February 04, 2026; 10:16:13 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-23569 - An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a c...
    Published: January 29, 2026; 4:16:04 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-69618 - An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
    Published: February 04, 2026; 10:16:13 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-23568 - An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denia...
    Published: January 29, 2026; 4:16:04 AM -0500

    V3.1: 8.1 HIGH

Created September 20, 2022, Updated August 27, 2024