Export limit exceeded: 366566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50470 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.5 High |
| Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-50502 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 8 High |
| Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-50496 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.5 High |
| Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-50680 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 8.2 High |
| Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50686 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-15 | 8.1 High |
| Access of resource using incompatible type ('type confusion') in Windows OLE allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-55019 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-07-15 | 4.6 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-50495 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 6.1 Medium |
| Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally. | ||||
| CVE-2026-56173 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-07-15 | 7 High |
| Use after free in Windows WebView allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-56183 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 | 2026-07-15 | 7 High |
| Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50665 | 1 Microsoft | 8 365 Apps, Office 2016, Office 2019 and 5 more | 2026-07-15 | 7.8 High |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-56642 | 2 Fabric, Microsoft | 2 Data Warehouse, Service Fabric | 2026-07-15 | 8.8 High |
| Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-50483 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-57089 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.5 High |
| Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-58628 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58638 | 1 Microsoft | 12 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 9 more | 2026-07-15 | 6 Medium |
| Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-48784 | 2026-07-15 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. This issue is fixed in versions 5.4.53, 6.4.41, 7.4.13, and 8.0.13. | ||||
| CVE-2026-48038 | 2026-07-15 | 5.3 Medium | ||
| joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1. | ||||
| CVE-2026-48069 | 2026-07-15 | 7.5 High | ||
| @grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. | ||||
| CVE-2026-50663 | 1 Microsoft | 2 Age Of Empires Ii, Age Of Empires Ii | 2026-07-15 | 8.8 High |
| Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-53486 | 2026-07-15 | 9.1 Critical | ||
| The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink entries are created without checking where targets point, path containment used a string prefix comparison, and file modes failed to remove setuid, setgid, or sticky bits. This issue is fixed in @xhmikosr/decompress versions 10.2.1 and 11.1.3. | ||||