hlukh.ch Updated: 2026-02-26T12:01:36.605Z · week: 2025-W11

Security alerts

Selected from public advisories. Goal: visibility, context and quick export, without clickbait.

Recent alerts
CVE-2024-12905
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
2026‑02‑21 · CVE-2024-12905
MSRC 2026‑02‑21 High
CVE-2025-27363
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
2026‑02‑21 · CVE-2025-27363
MSRC 2026‑02‑21 High
CVE-2025-24070
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24070
MSRC 2026‑02‑21 High
CVE-2025-26627
Azure Arc Installer Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-26627
MSRC 2026‑02‑21 High
CVE-2025-24049
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24049
MSRC 2026‑02‑21 High
CVE-2025-21384
Azure Health Bot Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-21384
MSRC 2026‑02‑21 High
CVE-2025-26683
Azure Playwright Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-26683
MSRC 2026‑02‑21 High
CVE-2025-21867
bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
2026‑02‑21 · CVE-2025-21867
MSRC 2026‑02‑21 High
CVE-2025-21858
geneve: Fix use-after-free in geneve_find_dev().
2026‑02‑21 · CVE-2025-21858
MSRC 2026‑02‑21 High
CVE-2025-2915
HDF5 H5Faccum.c H5F__accum_free heap-based overflow
2026‑02‑21 · CVE-2025-2915
MSRC 2026‑02‑21 High
CVE-2025-21855
ibmvnic: Don't reference skb after sending to VIOS
2026‑02‑21 · CVE-2025-21855
MSRC 2026‑02‑21 High
CVE-2025-27423
Improper Input Validation in Vim
2026‑02‑21 · CVE-2025-27423
MSRC 2026‑02‑21 High
CVE-2025-21863
io_uring: prevent opcode speculation
2026‑02‑21 · CVE-2025-21863
MSRC 2026‑02‑21 High
CVE-2025-27516
Jinja sandbox breakout through attr filter selecting format method
2026‑02‑21 · CVE-2025-27516
MSRC 2026‑02‑21 High
CVE-2025-30204
jwt-go allows excessive memory allocation during header parsing
2026‑02‑21 · CVE-2025-30204
MSRC 2026‑02‑21 High
CVE-2025-24046
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24046
MSRC 2026‑02‑21 High
CVE-2025-24066
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24066
MSRC 2026‑02‑21 High
CVE-2025-24067
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24067
MSRC 2026‑02‑21 High
CVE-2025-24995
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24995
MSRC 2026‑02‑21 High
CVE-2025-30211
KEX init error results with excessive memory usage
2026‑02‑21 · CVE-2025-30211
MSRC 2026‑02‑21 High
CVE-2024-58083
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
2026‑02‑21 · CVE-2024-58083
MSRC 2026‑02‑21 High
CVE-2024-8176
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
2026‑02‑21 · CVE-2024-8176
MSRC 2026‑02‑21 High
CVE-2025-29786
Memory Exhaustion in Expr Parser with Unrestricted Input
2026‑02‑21 · CVE-2025-29786
MSRC 2026‑02‑21 High
CVE-2025-26630
Microsoft Access Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-26630
MSRC 2026‑02‑21 High
CVE-2025-24053
Microsoft Dataverse Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24053
MSRC 2026‑02‑21 High
CVE-2025-29807
Microsoft Dataverse Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-29807
MSRC 2026‑02‑21 High
CVE-2025-29795
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-29795
MSRC 2026‑02‑21 High
CVE-2025-24081
Microsoft Excel Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24081
MSRC 2026‑02‑21 High
CVE-2025-24082
Microsoft Excel Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24082
MSRC 2026‑02‑21 High
CVE-2025-24075
Microsoft Excel Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24075
MSRC 2026‑02‑21 High
CVE-2025-24072
Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24072
MSRC 2026‑02‑21 High
CVE-2025-26633
Microsoft Management Console Security Feature Bypass Vulnerability
2026‑02‑21 · CVE-2025-26633
MSRC 2026‑02‑21 High
CVE-2025-24057
Microsoft Office Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24057
MSRC 2026‑02‑21 High
CVE-2025-24080
Microsoft Office Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24080
MSRC 2026‑02‑21 High
CVE-2025-24083
Microsoft Office Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24083
MSRC 2026‑02‑21 High
CVE-2025-26629
Microsoft Office Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-26629
MSRC 2026‑02‑21 High
CVE-2025-24076
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24076
MSRC 2026‑02‑21 High
CVE-2025-24994
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
2026‑02‑21 · CVE-2025-24994
MSRC 2026‑02‑21 High
CVE-2025-24077
Microsoft Word Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24077
MSRC 2026‑02‑21 High
CVE-2025-24078
Microsoft Word Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24078
MSRC 2026‑02‑21 High
CVE-2025-24079
Microsoft Word Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-24079
MSRC 2026‑02‑21 High
CVE-2023-52935
mm/khugepaged: fix ->anon_vma race
2026‑02‑21 · CVE-2023-52935
MSRC 2026‑02‑21 High
CVE-2024-48615
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8.
2026‑02‑21 · CVE-2024-48615
MSRC 2026‑02‑21 High
CVE-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
2026‑02‑21 · CVE-2025-24855
MSRC 2026‑02‑21 High
CVE-2025-21887
ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
2026‑02‑21 · CVE-2025-21887
MSRC 2026‑02‑21 High
CVE-2025-27152
Possible SSRF and Credential Leakage via Absolute URL in axios Requests
2026‑02‑21 · CVE-2025-27152
MSRC 2026‑02‑21 High
CVE-2025-26645
Remote Desktop Client Remote Code Execution Vulnerability
2026‑02‑21 · CVE-2025-26645
MSRC 2026‑02‑21 High
CVE-2024-58069
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
2026‑02‑21 · CVE-2024-58069
MSRC 2026‑02‑21 High
CVE-2025-21856
s390/ism: add release function for struct device
2026‑02‑21 · CVE-2025-21856
MSRC 2026‑02‑21 High
CVE-2025-1736
Stream HTTP wrapper header check might omit basic auth header
2026‑02‑21 · CVE-2025-1736
MSRC 2026‑02‑21 High