Search Results (245 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-15029 1 Asus 3 Business Manager, System Control Interface, System Control Interface V3 2026-07-16 N/A
Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections. Refer to the '  Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.
CVE-2026-55138 1 Microsoft 10 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 7 more 2026-07-16 5.5 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-48580 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-15 5.5 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-50367 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Incorrect access of indexable resource ('range error') in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50382 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 8.8 High
Untrusted pointer dereference in Windows DirectX allows an authorized attacker to execute code locally.
CVE-2026-50441 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 7.8 High
Untrusted pointer dereference in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-48340 2026-07-15 7.8 High
Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-50424 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 7.5 High
Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network.
CVE-2026-55136 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-50479 1 Microsoft 6 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 3 more 2026-07-14 7.8 High
Untrusted pointer dereference in Windows USB Hub Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58596 1 Microsoft 1 Edge Chromium 2026-07-13 8.3 High
Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45645 1 Microsoft 8 365 Apps, Office 2016, Office 2019 and 5 more 2026-07-08 7.8 High
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-5757 1 Ollama 1 Ollama 2026-06-29 7.5 High
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
CVE-2026-45471 1 Microsoft 14 365 Apps, Microsoft 365 Apps For Enterprise, Office 2019 and 11 more 2026-06-24 7.8 High
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-48137 1 Ni 2 Grpc-device, Instrumentstudio 2026-06-22 9.1 Critical
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.  Successful exploitation requires an attacker  to supply a specially crafted Moniker protobuf message.  This affects NI grpc-device 2.17.0 and prior versions.
CVE-2026-45958 1 Linux 1 Linux Kernel 2026-06-16 7.1 High
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidi_connection_ioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead of directly accessing the user pointer in the kernel, we should modify it to copy edid to kernel memory using copy_from_user() and use it.
CVE-2026-44805 1 Microsoft 5 Windows Server 2019, Windows Server 2019 (server Core Installation), Windows Server 2022 and 2 more 2026-06-11 5.5 Medium
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
CVE-2026-45643 1 Microsoft 13 365 Apps, Microsoft 365, Microsoft 365 Apps For Enterprise and 10 more 2026-06-11 7.8 High
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-5713 1 Python 1 Cpython 2026-06-10 6.0 Medium
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
CVE-2024-49090 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-06-09 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability