Export limit exceeded: 351812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351812 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33633 | 1 Kovidgoyal | 1 Kitty | 2026-05-19 | 7.5 High |
| Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG format declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, causing DoS and potentially escalation to RCE itself. This issue has been fixed in version 0.47.0. | ||||
| CVE-2026-8750 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2026-05-19 | 5.3 Medium |
| A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-35436 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 8.8 High |
| Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-35440 | 1 Microsoft | 8 365 Apps, Office, Office 2019 and 5 more | 2026-05-19 | 5.5 Medium |
| Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-40358 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-05-19 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40359 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-05-19 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40360 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-05-19 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-40361 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-05-19 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40362 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-05-19 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40363 | 1 Microsoft | 10 365 Apps, Office, Office 2016 and 7 more | 2026-05-19 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40364 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-05-19 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40366 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-05-19 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40418 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 7.8 High |
| Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40419 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 7.8 High |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40420 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 8.8 High |
| Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-8945 | 1 Mozilla | 1 Firefox | 2026-05-19 | 7.5 High |
| Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. | ||||
| CVE-2026-8959 | 1 Mozilla | 1 Firefox | 2026-05-19 | 9.6 Critical |
| Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8960 | 1 Mozilla | 1 Firefox | 2026-05-19 | 7.5 High |
| Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8974 | 1 Mozilla | 1 Firefox | 2026-05-19 | 9.8 Critical |
| Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8706 | 1 Mozilla | 1 Firefox For Ios | 2026-05-19 | 6.5 Medium |
| Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0. | ||||