Export limit exceeded: 366468 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366468 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50658 | 1 Microsoft | 1 Defender For Endpoint | 2026-07-15 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-13461 | 1 Payrange | 1 Payrange | 2026-07-15 | 9.6 Critical |
| When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device. | ||||
| CVE-2026-15427 | 2026-07-15 | N/A | ||
| An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server. Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device. | ||||
| CVE-2026-50499 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44761 | 2026-07-15 | 9.1 Critical | ||
| SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability. | ||||
| CVE-2026-50677 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 | 2026-07-15 | 7.8 High |
| Use after free in Windows Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50688 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50674 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 7 High |
| Use after free in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50340 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 8.5 High |
| Use after free in Windows Runtime allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-50385 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 8.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-54125 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50501 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 7.8 High |
| Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-55021 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-07-15 | 7.3 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-54121 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more | 2026-07-15 | 8.8 High |
| Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-55033 | 1 Microsoft | 11 365 Apps, Office 2019, Office 2021 and 8 more | 2026-07-15 | 7.8 High |
| Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50354 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 7.1 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50669 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-55045 | 1 Microsoft | 11 365 Apps, Office 2016, Office 2019 and 8 more | 2026-07-15 | 8.4 High |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-55039 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-07-15 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-51119 | 2026-07-15 | 9.1 Critical | ||
| An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components | ||||