Export limit exceeded: 366042 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366042 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48581 | 1 Microsoft | 10 Surface Go 2, Surface Go 3, Surface Hub and 7 more | 2026-07-14 | 7.8 High |
| Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-49183 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-49789 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.3 High |
| Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45756 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns directly into preg_match() without a length cap, i-regexp restriction, or bounded backtracking, allowing catastrophic-backtracking expressions to pin worker CPU and cause denial of service. This issue is fixed in versions 7.4.12 and 8.0.12. | ||||
| CVE-2026-49795 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 8.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50311 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Improper access control in Windows Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-49801 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-49807 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 6.2 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-50297 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7 High |
| Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50364 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 2 more | 2026-07-14 | 7.3 High |
| Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-54989 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7 High |
| Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-56197 | 1 Microsoft | 1 Windows Admin Center | 2026-07-14 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-58540 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-57094 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 8.8 High |
| Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-54058 | 1 Python-pillow | 1 Pillow | 2026-07-14 | N/A |
| Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes(), getpixel, convert, or save to read beyond the mapped region and disclose adjacent process memory or fault. This issue is fixed in version 12.3.0. | ||||
| CVE-2026-57088 | 1 Microsoft | 4 Windows 10 1809, Windows Server 2019, Windows Server 2022 and 1 more | 2026-07-14 | 7.8 High |
| Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45066 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts() or allowMediaHosts() because UrlSanitizer::parse() follows RFC 3986 while browsers follow WHATWG URL parsing, and because <area href> is checked against the media policy rather than the link policy. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. | ||||
| CVE-2026-55009 | 1 Microsoft | 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se | 2026-07-14 | 7.8 High |
| Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58547 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 5.5 Medium |
| Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58534 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 8.8 High |
| Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | ||||