Export limit exceeded: 351055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40413 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.4 High |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | ||||
| CVE-2026-40397 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.8 High |
| Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40382 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.8 High |
| Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42047 | 1 Inngest | 2 Inngest, Inngest-js | 2026-05-13 | 8.6 High |
| Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler. The serve() handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS, or DELETE fall through to a generic handler that returns diagnostic information. A change introduced in v3.22.0 caused this diagnostic response to include the contents of process.env, exposing any secrets, API keys, or credentials present in the environment. An application is vulnerable if its serve() endpoint is reachable via PATCH, OPTIONS, or DELETE requests, which is common in setups like Next.js Pages Router or Express's app.use(...). Not affected are Next.js App Router handlers that export only GET, POST, and PUT, and applications using the connect worker method. This issue has been fixed in version 3.54.0. To work around this issue if upgrading is not immediately possible, restrict the serve() endpoint at the framework or reverse-proxy layer to accept only GET, POST, and PUT. The Inngest serve() endpoint does not require any other HTTP methods. | ||||
| CVE-2026-41096 | 1 Microsoft | 14 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 11 more | 2026-05-13 | 9.8 Critical |
| Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41094 | 1 Microsoft | 2 Data Formulator, Data Formulator | 2026-05-13 | 8.8 High |
| Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41089 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more | 2026-05-13 | 9.8 Critical |
| Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-40364 | 1 Microsoft | 7 365 Apps, Office 2019, Office 2021 and 4 more | 2026-05-13 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40363 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-05-13 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-35440 | 1 Microsoft | 5 365 Apps, Office 2019, Office 2021 and 2 more | 2026-05-13 | 5.5 Medium |
| Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-35438 | 1 Microsoft | 1 Windows Admin Center | 2026-05-13 | 8.3 High |
| Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-35433 | 1 Microsoft | 1 .net | 2026-05-13 | 7.3 High |
| Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-43826 | 1 Apache | 2 Airflow Providers Opensearch, Apache-airflow-providers-opensearch | 2026-05-13 | 6.5 Medium |
| The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to `apache-airflow-providers-opensearch` 1.9.1 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the `[opensearch] host` URL. | ||||
| CVE-2026-33117 | 1 Microsoft | 1 Azure Sdk For Java | 2026-05-13 | 9.1 Critical |
| Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-28872 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-05-13 | 7.5 High |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service. | ||||
| CVE-2026-28906 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-05-13 | 7.5 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An attacker may be able to track users through their IP address. | ||||
| CVE-2026-28910 | 1 Apple | 1 Macos | 2026-05-13 | 3.3 Low |
| This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files. | ||||
| CVE-2026-28819 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-05-13 | 5.4 Medium |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2026-28918 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-05-13 | 6.5 Medium |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination. | ||||
| CVE-2026-31214 | 2026-05-13 | 9.8 Critical | ||
| The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load() to process PyTorch checkpoint files (.pt) without enabling the security-restrictive weights_only=True parameter. This oversight allows the deserialization of arbitrary Python objects via the pickle module. A remote attacker can exploit this by providing a maliciously crafted checkpoint file, leading to arbitrary code execution in the context of the user running the script. | ||||