Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2026-20810: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Ancillary Function Driver for WinSock#Security Vulnerability
CVE-2026-20808: Windows File Explorer Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.

CVE-2026-21265: Secure Boot Certificate Expiration Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2026-20809: Windows Kernel Memory Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

CVE-2026-20803: Microsoft SQL Server Elevation of Privilege Vulnerability

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution. "Gogs Path

Received an Instagram password reset email? Here’s what you need to know

Instagram users received emails last week about purported password reset attempts. At the same time, Instagram data appeared on the dark web.

5 Best Secure Container Images for Modern Applications (2026)

Secure container images are now essential for modern apps. These five options help teams reduce risk, cut patching effort, and improve long-term security.

GHSA-9rp8-h4g8-8766: Weblate wlc has insecure API key configuration

### Impact Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against different server. ### Patches * https://github.com/WeblateOrg/wlc/pull/1098 ### Workarounds Remove unscoped `key` from wlc configuration. Only use URL-scoped keys in the `[keys]` sections. ### References This issue was reported to us by [wh1zee](https://hackerone.com/wh1zee) via HackerOne.

Cybersecurity in the Public Sector: Challenges, Strategies and Best Practices

Public sector cybersecurity faces outdated systems, budget gaps, and rising attacks. Learn key challenges, defense strategies, and proven best practices.