tag
Windows
Medium
VLC Bundled FFmpeg VP9 Decoder Resolution-Change Heap Crash
None assigned as of 2026-07-03·
VLC media player, bundled FFmpeg VP9 decoder (plugins/codec/libavcodec_plugin.dll)
unpatched
High
System Informer phsvc Trusted-Host Confused Deputy LPE
None assigned as of 2026-07-03·
System Informer (Process Hacker successor), phsvc helper process
unpatched
High
OpenVPN Connect Server-Pushed Option Current-User Command Execution
None assigned as of 2026-07-03·
OpenVPN Connect for Windows
unpatched
Critical
libssh2 Publickey Subsystem List Parser Heap Corruption to Code Execution
None assigned as of 2026-07-03·
libssh2, publickey subsystem list parser (src/publickey.c)
unpatched
High
ImageMagick Ghostscript Delegate Search Path Hijack
None assigned as of 2026-07-03·
ImageMagick (Ghostscript delegate for PDF/PS/EPS conversion) on Windows
unpatched
High
Flowise Custom MCP Environment Variable Case Bypass
None assigned as of 2026-07-03·
Flowise / flowise-components
unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03·
AnyDesk for Windows 9.7.6
unpatched
High
7-Zip RAR5 Mark-of-the-Web / ADS Full-Chain Bypass
None assigned as of 2026-07-03·
7-Zip 26.01 x64 for Windows
unpatched
High
Windows CTFMON Arbitrary Section Object EoP — GreenPlasma (CVE-2026-45586)
CVE-2026-45586·
Windows Collaborative Translation Framework (CTFMON service)
patched
High
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800)
CVE-2026-48770, CVE-2026-48778, CVE-2026-48800·
Notepad++
unpatched
Medium
Windows NTLM Hash Disclosure via File Explorer - CVE-2025-24054
CVE-2025-24054·
Windows File Explorer (Windows Shell)
patched
High
Windows MMC MSC EvilTwin - CVE-2025-26633
CVE-2025-26633·
Microsoft Management Console (MMC), Windows
patched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706·
Microsoft SharePoint Server
patched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298·
Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing
patched
Critical
Adobe Acrobat/Reader Prototype Pollution Sandbox Escape (CVE-2026-34621)
CVE-2026-34621·
Adobe Acrobat DC / Adobe Acrobat Reader DC / Adobe Acrobat 2024 JavaScript engine sandbox boundary
unpatched
High
WinRAR Archive Extraction Path Traversal (CVE-2025-6218)
CVE-2025-6218·
WinRAR archive extraction workflow
unpatched
High
MiniPlasma - Windows Cloud Files Mini Filter Driver LPE (CVE-2020-17103)
CVE-2020-17103·
Windows Cloud Files Mini Filter Driver (cldflt.sys) / cldapi.dll
unpatched
Critical
HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
CVE-2021-31166·
Microsoft Windows HTTP Protocol Stack (http.sys)
patched
High
CVE-2024-21338 — Local Privilege Escalation from Admin to Kernel
CVE-2024-21338·
Microsoft Windows AppLocker driver path (\\Device\\AppID)
patched