Search

Search Results (365153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47992 2026-07-14 7.2 High
Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL commands, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction.
CVE-2026-47476 2026-07-14 7.5 High
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-48069 2026-07-14 7.5 High
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
CVE-2026-57102 1 Microsoft 1 Visual Studio Code 2026-07-14 8.8 High
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57101 1 Microsoft 1 Visual Studio Code 2026-07-14 7.1 High
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-56644 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7.8 High
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-15709 1 Redhat 1 Enterprise Linux 2026-07-14 7.5 High
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via max_incoming_payload_size, it fails to track or limit memory allocation during decompression. A separate check for decompressed size (max_total_message_size) exists but executes only after inflation is complete, and it is entirely disabled by default for client connections. A remote, unauthenticated attacker can exploit this by sending a small, highly compressed payload (a decompression bomb), causing unbounded memory allocation that triggers an Out-of-Memory (OOM) crash and a Denial of Service (DoS).
CVE-2026-56189 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-56182 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-56159 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-14 9.8 Critical
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
CVE-2026-55040 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-14 9.1 Critical
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-55053 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55136 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55127 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-50447 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 9.8 Critical
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
CVE-2026-55018 1 Microsoft 8 365 Apps, Office 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55017 1 Microsoft 5 365 Apps, Office 2016, Office 2019 and 2 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50301 1 Microsoft 5 365 Apps, Office 2016, Office 2019 and 2 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50655 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7.8 High
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-50646 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7.8 High
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.