Export limit exceeded: 351589 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351589 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33148 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2021-43256 | 1 Microsoft | 8 365 Apps, Excel, Excel Rt and 5 more | 2026-05-19 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2022-29107 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2026-05-19 | 5.5 Medium |
| Microsoft Office Security Feature Bypass Vulnerability | ||||
| CVE-2022-41107 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2022-41104 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2026-05-19 | 5.5 Medium |
| Microsoft Excel Security Feature Bypass Vulnerability | ||||
| CVE-2022-26901 | 1 Microsoft | 7 365 Apps, Excel, Excel Rt and 4 more | 2026-05-19 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2022-24462 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 5.5 Medium |
| Microsoft Word Security Feature Bypass Vulnerability | ||||
| CVE-2022-24509 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2022-24511 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-05-19 | 5.5 Medium |
| Microsoft Office Word Tampering Vulnerability | ||||
| CVE-2026-8073 | 2026-05-19 | 7.5 High | ||
| The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for unauthenticated attackers to read and delete arbitrary files limited in the WordPress uploads base directory. | ||||
| CVE-2026-8096 | 2026-05-19 | 6.5 Medium | ||
| The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to view all Kirki frontend forms and read stored visitor form submission data, including contact details, messages, and any other visitor-provided information submitted through site forms. | ||||
| CVE-2026-8602 | 1 Scadabr | 1 Scadabr | 2026-05-19 | N/A |
| In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings. | ||||
| CVE-2026-8603 | 1 Scadabr | 1 Scadabr | 2026-05-19 | N/A |
| In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. | ||||
| CVE-2026-8604 | 1 Scadabr | 1 Scadabr | 2026-05-19 | N/A |
| In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage. | ||||
| CVE-2026-8605 | 1 Scadabr | 1 Scadabr | 2026-05-19 | N/A |
| In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. | ||||
| CVE-2026-47107 | 1 Windmill-labs | 1 Windmill | 2026-05-19 | 9.6 Critical |
| Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Attackers can exploit persistent poisoned entries across all subsequent script executions on the same worker pod to redirect hostnames, intercept DNS queries, perform transparent HTTPS man-in-the-middle attacks, and intercept WM_TOKEN JWTs to gain workspace-admin access to victim workspaces across tenants. | ||||
| CVE-2026-33633 | 1 Kovidgoyal | 1 Kitty | 2026-05-19 | 7.5 High |
| Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG format declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, causing DoS and potentially escalation to RCE itself. This issue has been fixed in version 0.47.0. | ||||
| CVE-2026-8750 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2026-05-19 | 5.3 Medium |
| A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-26462 | 1 Sourceforge | 1 Offline Hospital Management System | 2026-05-19 | 7.3 High |
| Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands. | ||||
| CVE-2026-8964 | 1 Mozilla | 1 Firefox | 2026-05-19 | 7.5 High |
| Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||