Export limit exceeded: 366368 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366368 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49804 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-14 | 6.6 Medium |
| Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack. | ||||
| CVE-2026-54987 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42982 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-14 | 7.8 High |
| Improper validation of consistency within input in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-55014 | 1 Microsoft | 1 Windows-remote-help | 2026-07-14 | 7.8 High |
| Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50299 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-14 | 6.8 Medium |
| Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack. | ||||
| CVE-2026-45496 | 1 Microsoft | 1 Visual Studio Code | 2026-07-14 | 5.5 Medium |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-47282 | 1 Microsoft | 1 Visual Studio Code | 2026-07-14 | 6.5 Medium |
| Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-49784 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-49796 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-57979 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-14 | 6.5 Medium |
| Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-56185 | 1 Microsoft | 1 Windows Admin Center | 2026-07-14 | 6.5 Medium |
| Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-49783 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7.8 High |
| Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-54127 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more | 2026-07-14 | 7.4 High |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-49184 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 8.4 High |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-15703 | 1 Sourcecodester | 1 Simple And Nice Shopping Cart Script | 2026-07-14 | 7.3 High |
| A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-9108 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2026-07-14 | N/A |
| A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embedded in the ACD file structure during the project opening procedure, allowing path traversal sequences to escape the intended extraction directory. If exploited, an attacker could craft a malicious ACD project file that results in arbitrary files being written to attacker-controlled locations on the file system, potentially leading to code execution. | ||||
| CVE-2026-9128 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2026-07-14 | N/A |
| A code execution security issue exists within Studio 5000 Logix Designer® due to an unquoted search path in the External Tools configuration. The executable paths specified in the external tools configuration file are not properly quoted, and because these paths contain spaces, the operating system may resolve them to unintended executables placed earlier in the search order. If exploited, an attacker could plant a malicious executable in a location within the search path, resulting in arbitrary code execution with the same permissions of the user running the application. | ||||
| CVE-2026-38969 | 1 Ruby | 1 Webrick | 2026-07-14 | 6.5 Medium |
| DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2026-59891 | 2026-07-14 | 9.6 Critical | ||
| sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() reads credentials from the Docker config file and selects an entry by checking whether any configured auth key contains the target registry string. Because this is a substring match rather than an exact host match, credentials configured for one registry can be selected for and transmitted to a different registry whose hostname has a substring relationship with a configured auth key. This issue is fixed in version 0.7.1. | ||||
| CVE-2026-14646 | 1 Sonatype | 1 Nexus Repository Manager | 2026-07-14 | N/A |
| Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymous user, if anonymous access is enabled — could receive a response from an internal network address or cloud metadata endpoint as repository content, potentially exposing sensitive information such as cloud IAM credentials. | ||||