Export limit exceeded: 366566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366566 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50470 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.5 High
Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50502 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 8 High
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network.
CVE-2026-50496 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.5 High
Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50680 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 8.2 High
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-50686 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 8.1 High
Access of resource using incompatible type ('type confusion') in Windows OLE allows an unauthorized attacker to execute code over a network.
CVE-2026-55019 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-15 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-50495 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 6.1 Medium
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-56173 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2026-07-15 7 High
Use after free in Windows WebView allows an authorized attacker to elevate privileges locally.
CVE-2026-56183 1 Microsoft 3 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 2026-07-15 7 High
Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
CVE-2026-50665 1 Microsoft 8 365 Apps, Office 2016, Office 2019 and 5 more 2026-07-15 7.8 High
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56642 2 Fabric, Microsoft 2 Data Warehouse, Service Fabric 2026-07-15 8.8 High
Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network.
CVE-2026-50483 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.
CVE-2026-57089 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.5 High
Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.
CVE-2026-58628 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.
CVE-2026-58638 1 Microsoft 12 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 9 more 2026-07-15 6 Medium
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-48784 2026-07-15 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. This issue is fixed in versions 5.4.53, 6.4.41, 7.4.13, and 8.0.13.
CVE-2026-48038 2026-07-15 5.3 Medium
joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1.
CVE-2026-48069 2026-07-15 7.5 High
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
CVE-2026-50663 1 Microsoft 2 Age Of Empires Ii, Age Of Empires Ii 2026-07-15 8.8 High
Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.
CVE-2026-53486 2026-07-15 9.1 Critical
The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink entries are created without checking where targets point, path containment used a string prefix comparison, and file modes failed to remove setuid, setgid, or sticky bits. This issue is fixed in @xhmikosr/decompress versions 10.2.1 and 11.1.3.