Export limit exceeded: 365413 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365413 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47999 | 2026-07-14 | 4.8 Medium | ||
| Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed. | ||||
| CVE-2026-47998 | 2026-07-14 | 5.9 Medium | ||
| Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-48000 | 2026-07-14 | 4.3 Medium | ||
| Adobe Commerce is affected by an Improper Redirect (Open Redirect) vulnerability that could result in a Security feature bypass. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site, potentially enabling credential theft and account takeover. Exploitation of this issue requires user interaction in that a victim must click on a malicious link. | ||||
| CVE-2026-48001 | 2026-07-14 | 3.7 Low | ||
| Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-47994 | 2026-07-14 | 8.7 High | ||
| Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed. | ||||
| CVE-2026-55121 | 1 Microsoft | 11 365 Apps, Office 2016, Office 2019 and 8 more | 2026-07-14 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-56181 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-14 | 8.3 High |
| Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network. | ||||
| CVE-2026-57102 | 1 Microsoft | 1 Visual Studio Code | 2026-07-14 | 8.8 High |
| Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-57101 | 1 Microsoft | 1 Visual Studio Code | 2026-07-14 | 7.1 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-57092 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 9.9 Critical |
| Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-57085 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-57091 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7.8 High |
| Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-57084 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-56647 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-07-14 | 8.8 High |
| Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-56644 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-14 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-56189 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-56182 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.8 High |
| Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-56168 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-14 | 6.5 Medium |
| Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network. | ||||
| CVE-2026-56159 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more | 2026-07-14 | 9.8 Critical |
| Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-55130 | 1 Microsoft | 8 365 Apps, Office 2019, Office 2021 and 5 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||