Export limit exceeded: 357426 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357426 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41108 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7 High |
| Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42829 | 1 Microsoft | 6 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-06-11 | 7.8 High |
| Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-42836 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42979 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-11 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41007 | 2 Spring, Vmware | 2 Spring Hateoas, Spring Hateoas | 2026-06-11 | 7.5 High |
| Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3. | ||||
| CVE-2026-42980 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7.8 High |
| Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42981 | 1 Microsoft | 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more | 2026-06-11 | 8.1 High |
| Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42983 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-11 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41838 | 2 Spring, Vmware | 2 Spring Framework, Spring Framework | 2026-06-11 | 4.8 Medium |
| IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. | ||||
| CVE-2026-42837 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-11 | 7.8 High |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-4096 | 1 Ibm | 1 Devops Plan | 2026-06-11 | 6.5 Medium |
| IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking | ||||
| CVE-2026-41844 | 2 Spring, Vmware | 2 Spring Framework, Spring Framework | 2026-06-11 | 4.2 Medium |
| A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. | ||||
| CVE-2026-42903 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 6.5 Medium |
| Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. | ||||
| CVE-2026-7870 | 1 Ibm | 1 I | 2026-06-11 | 8.8 High |
| IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2026-7787 | 1 Ibm | 1 Langflow Oss | 2026-06-11 | 7.5 High |
| IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. | ||||
| CVE-2026-50223 | 1 Apache | 1 Ofbiz | 2026-06-11 | 8.8 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue. | ||||
| CVE-2026-3341 | 1 Ibm | 1 Langflow Desktop | 2026-06-11 | 5.4 Medium |
| IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2026-11839 | 2026-06-11 | 9.9 Critical | ||
| Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003. | ||||
| CVE-2024-45636 | 1 Ibm | 1 Security Qradar Edr | 2026-06-11 | 4.1 Medium |
| IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. | ||||
| CVE-2026-42904 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-11 | 9.6 Critical |
| Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network. | ||||