Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366186 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54989 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7 High |
| Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-56197 | 1 Microsoft | 1 Windows Admin Center | 2026-07-14 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-58540 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-57094 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 8.8 High |
| Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-54058 | 1 Python-pillow | 1 Pillow | 2026-07-14 | N/A |
| Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes(), getpixel, convert, or save to read beyond the mapped region and disclose adjacent process memory or fault. This issue is fixed in version 12.3.0. | ||||
| CVE-2026-57088 | 1 Microsoft | 4 Windows 10 1809, Windows Server 2019, Windows Server 2022 and 1 more | 2026-07-14 | 7.8 High |
| Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45066 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts() or allowMediaHosts() because UrlSanitizer::parse() follows RFC 3986 while browsers follow WHATWG URL parsing, and because <area href> is checked against the media policy rather than the link policy. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. | ||||
| CVE-2026-55009 | 1 Microsoft | 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se | 2026-07-14 | 7.8 High |
| Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58547 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 5.5 Medium |
| Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58534 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 8.8 High |
| Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58535 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 6.5 Medium |
| Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-15429 | 2026-07-14 | N/A | ||
| A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges. | ||||
| CVE-2026-59888 | 2026-07-14 | 6.5 Medium | ||
| jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore because POJOPropertiesCollector._removeUnwantedIgnorals() records an ignored component under its original implicit name before _renameUsing() applies the naming strategy, allowing the renamed JSON key to be assigned to the Record constructor parameter. This issue is fixed in versions 2.18.8, 2.21.4, and 3.1.4. | ||||
| CVE-2026-15428 | 2026-07-14 | N/A | ||
| An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges. Successful exploitation may allow remote code execution and complete compromise of the device. | ||||
| CVE-2026-50356 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50296 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7 High |
| Use after free in Graphics Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-49806 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50333 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7.8 High |
| Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50308 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Integer underflow (wrap or wraparound) in Windows NTFS allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-49800 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 7.8 High |
| Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally. | ||||