Export limit exceeded: 367167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (87074 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-36819 1 Tenda 1 W20e 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2026-36822 1 Tenda 1 W20e 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2023-29146 1 Malwarebytes 1 Endpoint Detection And Response 2026-06-10 8.2 High
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.
CVE-2026-36770 1 Tenda 1 Us W3v1.0br 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-45476 1 Microsoft 2 Linux Kernel - Microsoft Mana Network Driver, Linux Kernel Mana Network Driver 2026-06-10 8.2 High
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-8863 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more 2026-06-10 7.8 High
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
CVE-2026-3326 2 Wordpress, Xstore 2 Wordpress, Xstore 2026-06-10 8.6 High
The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2026-8071 2 Cleantalk, Wordpress 2 Spam Protection, Wordpress 2026-06-10 8.8 High
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.
CVE-2026-39169 1 Sem-cms 1 Semcms 2026-06-10 7.5 High
SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.
CVE-2026-44803 1 Microsoft 29 Excel, Powerpoint, Windows 10 1607 and 26 more 2026-06-10 7.8 High
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812 1 Microsoft 29 Excel, Powerpoint, Windows 10 1607 and 26 more 2026-06-10 7.8 High
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-45583 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-06-10 7.5 High
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
CVE-2026-45649 1 Microsoft 6 Excel, Excel For Android, Powerpoint and 3 more 2026-06-10 7.1 High
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32193 1 Microsoft 1 Azure Kubernetes Service 2026-06-10 8.8 High
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CVE-2026-49161 1 Microsoft 1 Pc Manager 2026-06-10 7.8 High
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-40371 1 Microsoft 2 Dynamics 365, Dynamics 365 Server 2026-06-10 8.8 High
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
CVE-2026-47293 1 Microsoft 4 365 Apps, Office 2019, Office 2021 and 1 more 2026-06-10 7 High
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-44751 1 Sap Se 1 Sap Netweaver And Abap Platform 2026-06-10 7.1 High
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.
CVE-2026-11640 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 8.3 High
Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-11677 2 Apple, Google 2 Macos, Chrome 2026-06-10 8.3 High
Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)