Export limit exceeded: 366088 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366088 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15642 | 2026-07-14 | N/A | ||
| Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclude sensitive data is selected. | ||||
| CVE-2026-15641 | 2026-07-14 | N/A | ||
| Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a direct call to the request status endpoint, bypassing the required approver review. | ||||
| CVE-2026-58640 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-07-14 | 7.3 High |
| Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | ||||
| CVE-2026-55133 | 1 Microsoft | 4 365 Apps, Office 365, Office Macos 2021 and 1 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office OneNote allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-56648 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.5 High |
| Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-56649 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.9 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-54117 | 1 Microsoft | 1 Sql Server 2025 | 2026-07-14 | 8.8 High |
| Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-15637 | 2026-07-14 | N/A | ||
| Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier. | ||||
| CVE-2026-55011 | 1 Microsoft | 1 Malware Protection Engine | 2026-07-14 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-57087 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 8.8 High |
| Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-57093 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-54132 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2026-07-14 | 6.8 Medium |
| Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack. | ||||
| CVE-2026-57108 | 1 Microsoft | 1 .net | 2026-07-14 | 7.5 High |
| Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50520 | 1 Microsoft | 1 Visual Studio Code | 2026-07-14 | 8.4 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-55944 | 1 Microsoft | 1 Dynamics Nav 2018 | 2026-07-14 | 9.8 Critical |
| Deserialization of untrusted data in Microsoft Dynamics NAV allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-5040 | 2026-07-14 | N/A | ||
| TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication credentials, enabling unauthorized access to device management functions, depending on the privileges associated with the recovered password. The primary security impact is loss of confidentiality. | ||||
| CVE-2026-14404 | 1 Google | 1 Chrome | 2026-07-14 | 6.5 Medium |
| Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium) | ||||
| CVE-2026-14415 | 1 Google | 1 Chrome | 2026-07-14 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14401 | 1 Google | 1 Chrome | 2026-07-14 | 8.3 High |
| Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14411 | 1 Google | 1 Chrome | 2026-07-14 | 9.6 Critical |
| Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||