Export limit exceeded: 341102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33992 | 2026-03-27 | N/A | ||
| pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive infrastructure data including droplet ID, network configuration, region, authentication keys, and SSH keys configured in user-data/cloud-init. Version 0.5.0b3.dev97 contains a patch. | ||||
| CVE-2026-33991 | 2026-03-27 | 8.8 High | ||
| WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches the vulnerability. | ||||
| CVE-2026-33936 | 2026-03-27 | 5.3 Medium | ||
| The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue. | ||||
| CVE-2026-26137 | 1 Microsoft | 3 365 Copilot Business Chat, 365 Copilot Chat, Exchange Online | 2026-03-27 | 9.9 Critical |
| Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32187 | 1 Microsoft | 1 Edge Chromium | 2026-03-27 | 4.2 Medium |
| Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | ||||
| CVE-2026-0385 | 1 Microsoft | 2 Edge, Edge For Android | 2026-03-27 | 5 Medium |
| Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | ||||
| CVE-2026-26133 | 1 Microsoft | 33 365 Copilot Android, 365 Copilot For Android, 365 Copilot For Ios and 30 more | 2026-03-27 | 7.1 High |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26144 | 1 Microsoft | 1 365 Apps | 2026-03-27 | 7.5 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26141 | 1 Microsoft | 1 Azure Automation Hybrid Worker Windows Extension | 2026-03-27 | 7.8 High |
| Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26130 | 2 Microsoft, Redhat | 2 Asp.net Core, Enterprise Linux | 2026-03-27 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26123 | 1 Microsoft | 3 Authenticator, Authenticator For Android, Authenticator For Ios | 2026-03-27 | 5.5 Medium |
| Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-26118 | 1 Microsoft | 4 Azure Mcp Server, Azure Mcp Server Tools, Azure Mcp Server Tools 1 and 1 more | 2026-03-27 | 8.8 High |
| Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26117 | 1 Microsoft | 1 Arc Enabled Servers Azure Connected Machine Agent | 2026-03-27 | 7.8 High |
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26110 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-03-27 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26109 | 1 Microsoft | 13 365 Apps, Excel, Excel 2016 and 10 more | 2026-03-27 | 8.4 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26108 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-27 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26107 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-27 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26106 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-03-27 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23665 | 1 Microsoft | 2 Azure Linux Virtual Machines Azure Diagnostics, Linux Diagnostic Extension | 2026-03-27 | 7.8 High |
| Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23662 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-27 | 7.5 High |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||