Search Results (23232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-45463 1 Microsoft 9 365 Apps, Office, Office 2016 and 6 more 2026-07-08 8.4 High
Integer underflow (wrap or wraparound) in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45457 1 Microsoft 7 365 Apps, Microsoft 365, Office 2021 and 4 more 2026-07-08 7.8 High
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45455 1 Microsoft 10 365 Apps, Excel 2016, Microsoft 365 Apps For Enterprise and 7 more 2026-07-08 3.3 Low
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-47652 1 Microsoft 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more 2026-07-08 8.2 High
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-47635 1 Microsoft 1 Office 2024 2026-07-08 8.4 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45641 1 Microsoft 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more 2026-07-08 8.4 High
Access of resource using incompatible type ('type confusion') in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45460 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-07-08 4.7 Medium
Buffer over-read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-44820 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-07-08 7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-15165 1 Wireshark 1 Wireshark 2026-07-08 5.5 Medium
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
CVE-2026-15170 1 Wireshark 1 Wireshark 2026-07-08 5.5 Medium
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
CVE-2026-15167 1 Wireshark 1 Wireshark 2026-07-08 7.5 High
DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
CVE-2026-15169 1 Wireshark 1 Wireshark 2026-07-08 5.5 Medium
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
CVE-2026-15174 1 Wireshark 1 Wireshark 2026-07-08 5.5 Medium
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
CVE-2026-15166 1 Wireshark 1 Wireshark 2026-07-08 5.5 Medium
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
CVE-2026-11610 1 Redhat 10 Directory Server, Directory Server E4s, Enterprise Linux and 7 more 2026-07-08 8.8 High
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow in schema.c only.
CVE-2026-50811 1 Freetype 1 Freetype 2026-07-08 6.5 Medium
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
CVE-2026-57869 2026-07-08 N/A
Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3.
CVE-2026-15173 2026-07-08 4.7 Medium
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
CVE-2026-15164 2026-07-08 5.5 Medium
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
CVE-2026-56002 1 X.org 1 Libxfont2 2026-07-08 8.5 High
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8  allows attackers authenticated as X client to execute code within the X server.