Export limit exceeded: 85668 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85668 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-41006 2 Spring, Vmware 2 Hateoas, Spring Hateoas 2026-06-11 7.5 High
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3.
CVE-2026-41108 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7 High
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-42829 1 Microsoft 6 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 3 more 2026-06-11 7.8 High
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
CVE-2026-42836 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-42979 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-11 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-41007 2 Spring, Vmware 2 Spring Hateoas, Spring Hateoas 2026-06-11 7.5 High
Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3.
CVE-2026-42981 1 Microsoft 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more 2026-06-11 8.1 High
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42983 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-11 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42837 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-11 7.8 High
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42905 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-40998 1 Spring 1 Spring Web Services 2026-06-11 8.2 High
Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted XML payloads could therefore be exposed to XML External Entity (XXE) style attacks. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
CVE-2026-40999 1 Spring 1 Spring Web Services 2026-06-11 8.6 High
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
CVE-2026-41845 2 Spring, Vmware 2 Spring Framework, Spring Framework 2026-06-11 7.1 High
Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVE-2026-42986 1 Microsoft 27 Graphics Component, Windows 10 1607, Windows 10 1809 and 24 more 2026-06-11 7.8 High
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2023-33999 2 Wordpress, Wpvibes 2 Wordpress, Wp Mail Log 2026-06-11 7.1 High
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
CVE-2026-44693 1 Pi-hole 1 Ftl 2026-06-11 8.8 High
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This issue has been patched in version 6.6.1.
CVE-2026-42987 1 Microsoft 12 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 9 more 2026-06-11 8.1 High
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CVE-2026-42989 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7.8 High
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-42991 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-11 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-45458 1 Microsoft 13 365 Apps, Microsoft 365, Office 2019 and 10 more 2026-06-11 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.