Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366567 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50402 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.8 High
Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50438 1 Microsoft 1 Pc Manager 2026-07-15 8.8 High
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-54118 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-07-15 8.8 High
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-50329 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-12512 2026-07-15 8.6 High
The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes.
CVE-2026-50439 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 8.1 High
Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network.
CVE-2026-56169 1 Microsoft 1 Windows Admin Center 2026-07-15 8.1 High
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-50518 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-15 9.8 Critical
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
CVE-2026-54128 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 8.4 High
Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally.
CVE-2026-50683 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-15 8 High
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-5040 2026-07-15 N/A
TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication credentials, enabling unauthorized access to device management functions, depending on the privileges associated with the recovered password. The primary security impact is loss of confidentiality.
CVE-2026-47992 2026-07-15 7.2 High
Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL commands, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction.
CVE-2026-48356 2026-07-15 9.6 Critical
Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
CVE-2026-48358 2026-07-15 9.1 Critical
Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2026-49164 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 8.1 High
Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network.
CVE-2026-49178 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 8.8 High
Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-57107 1 Microsoft 1 Windows Admin Center 2026-07-15 7.8 High
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-24245 1 Nvidia 1 Megatron-bridge 2026-07-15 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-14385 1 Google 1 Chrome 2026-07-15 8.8 High
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14407 1 Google 1 Chrome 2026-07-15 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)