Search

Search Results (365155 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-49800 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7.8 High
Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
CVE-2026-49794 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 4.6 Medium
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-49788 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7.5 High
Allocation of resources without limits or throttling in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-49181 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-14 7.5 High
Integer underflow (wrap or wraparound) in Windows DHCP Client allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-54988 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 6.1 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40378 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more 2026-07-14 7.5 High
Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-48309 2026-07-14 7.8 High
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-58636 1 Microsoft 1 Pc Manager 2026-07-14 7.8 High
Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-47969 2026-07-14 5.5 Medium
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-48365 2026-07-14 7.8 High
Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-58618 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-58609 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2026-58601 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-14 7.8 High
Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58279 1 Microsoft 1 Azure Cyclecloud 2026-07-14 6.5 Medium
Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
CVE-2026-56193 1 Microsoft 8 365 Apps, Office 2016, Office 2019 and 5 more 2026-07-14 7.1 High
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56164 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-14 5.3 Medium
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-55948 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-45077 2026-07-14 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by default and processes each received frame with unserialize(base64_decode($message)) without authentication, integrity checks, or an allowed_classes allowlist, allowing any reachable host to submit attacker-chosen serialized PHP payloads that can crash the listener and may trigger object-injection gadget effects. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-15757 2026-07-14 N/A
A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has not been confirmed on physical production devices.
CVE-2026-15715 1 Sourcecodester 1 Class And Exam Timetabling System 2026-07-14 4.3 Medium
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.