Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366624 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11578 2026-07-14 N/A
The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.
CVE-2026-9127 1 Rockwellautomation 1 Studio 5000 Logix Designer 2026-07-14 N/A
A remote code execution security issue exists within Studio 5000 Logix Designer® due to incorrect authorization on a configuration file. This can allow any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could alter the configuration to point to a malicious executable, resulting in arbitrary code execution when any user interacts with the external tools functionality.
CVE-2026-59197 1 Python-pillow 1 Pillow 2026-07-14 8.2 High
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0.
CVE-2026-58629 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more 2026-07-14 7 High
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-7494 1 Sonatype 1 Nexus Repository Manager 2026-07-14 N/A
Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects Nexus Repository 3.0.0 through versions prior to 3.94.0.
CVE-2026-58543 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 6.3 Medium
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2026-58537 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 7.8 High
Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-57982 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 6.5 Medium
Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.
CVE-2026-57083 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 5.5 Medium
Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.
CVE-2026-56192 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-14 5.5 Medium
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56184 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-14 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
CVE-2026-55135 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-14 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55057 1 Microsoft 8 365 Apps, Office 2016, Office 2019 and 5 more 2026-07-14 5.5 Medium
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55124 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-14 5.5 Medium
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55050 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-14 5.5 Medium
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55027 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-14 5.5 Medium
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55026 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-14 6.2 Medium
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55020 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-14 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-50682 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-14 7.1 High
Out-of-bounds read in Windows Active Directory allows an authorized attacker to deny service over a network.
CVE-2026-50666 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-14 8.8 High
Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.