Export limit exceeded: 365362 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365362 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50335 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50317 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-7655 | 2 Surecart, Wordpress | 2 Surecart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments, Wordpress | 2026-07-15 | 8.1 High |
| The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook events. This makes it possible for unauthenticated attackers to change linked user's email addresses, including administrators if the administrator account is linked to a SureCart customer record, and leverage that to reset the user's password and gain access to their account if the customer ID is known. | ||||
| CVE-2026-41087 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-13968 | 2 Starboardsuite, Wordpress | 2 Starboard Suite Reservation Calendars, Wordpress | 2026-07-15 | 6.4 Medium |
| The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-57831 | 2026-07-15 | N/A | ||
| The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection. | ||||
| CVE-2026-50418 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more | 2026-07-15 | 5.1 Medium |
| Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-50387 | 1 Microsoft | 17 Office, Office 365, Office Macos 2021 and 14 more | 2026-07-15 | 7.8 High |
| Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50352 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-50442 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-50302 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-15 | 4.2 Medium |
| Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-50419 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 3.3 Low |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-50321 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50425 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 3 more | 2026-07-15 | 7.8 High |
| Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50456 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-21039 | 1 Samsung | 1 Mobile Devices | 2026-07-15 | N/A |
| Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. | ||||
| CVE-2026-21042 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-15 | N/A |
| Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2026-21052 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-15 | N/A |
| Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | ||||
| CVE-2026-21053 | 1 Samsung Mobile | 1 Samsung Email | 2026-07-15 | N/A |
| Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. | ||||
| CVE-2026-21054 | 1 Samsung Mobile | 1 Inputsharing | 2026-07-15 | N/A |
| Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | ||||