Export limit exceeded: 20107 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (51 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56650 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.8 High |
| Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-49792 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 7.8 High |
| Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally. | ||||
| CVE-2026-50357 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 7.8 High |
| Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally. | ||||
| CVE-2026-50332 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-55142 | 1 Microsoft | 9 365 Apps, Office 2019, Office 2021 and 6 more | 2026-07-14 | 5.5 Medium |
| Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-44823 | 1 Microsoft | 9 365 Apps, Excel 2016, Office 2019 and 6 more | 2026-07-08 | 7.8 High |
| Numeric truncation error in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-6039 | 1 The Document Foundation | 1 Libreoffice | 2026-06-16 | 5.5 Medium |
| LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected. | ||||
| CVE-2026-40409 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7.8 High |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||||
| CVE-2026-40404 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.8 High |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||||
| CVE-2024-43519 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2026-06-09 | 8.8 High |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2026-42944 | 1 Nlnetlabs | 1 Unbound | 2026-05-20 | 7.5 High |
| NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation. | ||||
| CVE-2026-42371 | 1 Uriparser Project | 1 Uriparser | 2026-05-18 | 5.1 Medium |
| uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | ||||
| CVE-2026-40380 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-14 | 6.2 Medium |
| Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | ||||
| CVE-2026-44927 | 2026-05-08 | 2.9 Low | ||
| In uriparser before 1.0.2, there is pointer difference truncation to int in various places. | ||||
| CVE-2025-6965 | 1 Sqlite | 1 Sqlite | 2026-04-20 | 9.8 Critical |
| There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | ||||
| CVE-2026-32240 | 1 Capnproto | 1 Capnproto | 2026-03-23 | 6.5 Medium |
| Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0. | ||||
| CVE-2025-53723 | 2 Microsoft, Windows | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-26 | 7.8 High |
| Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49679 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-38044 | 1 Microsoft | 9 Windows Server 2008 R2, Windows Server 2008 Sp2, Windows Server 2012 and 6 more | 2026-02-10 | 7.2 High |
| DHCP Server Service Remote Code Execution Vulnerability | ||||
| CVE-2025-10543 | 1 Eclipse | 2 Paho Go Mqtt, Paho Mqtt | 2026-01-16 | 5.3 Medium |
| In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet). The issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes then the amount of data written exceeds what the length field indicates. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body). | ||||