Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50378 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Key Guard allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50416 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-14 | 3.3 Low |
| Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-50315 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-14 | 7.8 High |
| Null pointer dereference in Windows Image Acquisition allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50341 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-49177 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-34348 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-07-14 | 6.5 Medium |
| Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-50300 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 5.5 Medium |
| Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-50384 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-54997 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-49165 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7.1 High |
| Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-58614 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-50351 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42900 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 8.1 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-58595 | 1 Microsoft | 1 Bing Search | 2026-07-14 | 8.1 High |
| Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-50294 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 6.2 Medium |
| Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-49804 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-14 | 6.6 Medium |
| Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack. | ||||
| CVE-2026-45496 | 1 Microsoft | 1 Visual Studio Code | 2026-07-14 | 5.5 Medium |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-49784 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-9108 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2026-07-14 | N/A |
| A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embedded in the ACD file structure during the project opening procedure, allowing path traversal sequences to escape the intended extraction directory. If exploited, an attacker could craft a malicious ACD project file that results in arbitrary files being written to attacker-controlled locations on the file system, potentially leading to code execution. | ||||
| CVE-2026-9128 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2026-07-14 | N/A |
| A code execution security issue exists within Studio 5000 Logix Designer® due to an unquoted search path in the External Tools configuration. The executable paths specified in the external tools configuration file are not properly quoted, and because these paths contain spaces, the operating system may resolve them to unintended executables placed earlier in the search order. If exploited, an attacker could plant a malicious executable in a location within the search path, resulting in arbitrary code execution with the same permissions of the user running the application. | ||||