Export limit exceeded: 85849 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85849 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-8863 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more 2026-06-10 7.8 High
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
CVE-2026-3326 2 Wordpress, Xstore 2 Wordpress, Xstore 2026-06-10 8.6 High
The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2026-8071 2 Cleantalk, Wordpress 2 Spam Protection, Wordpress 2026-06-10 8.8 High
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.
CVE-2026-39169 1 Sem-cms 1 Semcms 2026-06-10 7.5 High
SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.
CVE-2026-44803 1 Microsoft 29 Excel, Powerpoint, Windows 10 1607 and 26 more 2026-06-10 7.8 High
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812 1 Microsoft 29 Excel, Powerpoint, Windows 10 1607 and 26 more 2026-06-10 7.8 High
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-45583 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-06-10 7.5 High
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
CVE-2026-45649 1 Microsoft 6 Excel, Excel For Android, Powerpoint and 3 more 2026-06-10 7.1 High
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32193 1 Microsoft 1 Azure Kubernetes Service 2026-06-10 8.8 High
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CVE-2026-49161 1 Microsoft 1 Pc Manager 2026-06-10 7.8 High
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-40371 1 Microsoft 2 Dynamics 365, Dynamics 365 Server 2026-06-10 8.8 High
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
CVE-2026-47293 1 Microsoft 4 365 Apps, Office 2019, Office 2021 and 1 more 2026-06-10 7 High
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-44751 1 Sap Se 1 Sap Netweaver And Abap Platform 2026-06-10 7.1 High
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.
CVE-2026-11640 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 8.3 High
Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-11677 2 Apple, Google 2 Macos, Chrome 2026-06-10 8.3 High
Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11655 2 Apple, Google 2 Macos, Chrome 2026-06-10 8.3 High
Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11661 2 Google, Microsoft 2 Chrome, Windows 2026-06-10 8.3 High
Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11631 2 Google, Microsoft 2 Chrome, Windows 2026-06-10 8.3 High
Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-11660 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 8.3 High
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11667 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 7.5 High
Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)