Export limit exceeded: 358957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 358957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 358957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358957 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42980 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-15 | 7.8 High |
| Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45654 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-06-15 | 7.9 High |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-45600 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-06-15 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45593 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-15 | 7.8 High |
| Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25006 | 1 Microsoft | 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more | 2026-06-15 | 5.3 Medium |
| Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-33051 | 1 Microsoft | 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more | 2026-06-15 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-41092 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-15 | 7.8 High |
| Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45656 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-15 | 7.8 High |
| Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-45655 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-15 | 5.3 Medium |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-25005 | 1 Microsoft | 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more | 2026-06-15 | 6.5 Medium |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | ||||
| CVE-2025-25007 | 1 Microsoft | 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more | 2026-06-15 | 5.3 Medium |
| Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59248 | 1 Microsoft | 7 Exchange, Exchange Server, Exchange Server 2016 and 4 more | 2026-06-15 | 7.5 High |
| Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-53782 | 1 Microsoft | 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more | 2026-06-15 | 8.4 High |
| Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-59249 | 1 Microsoft | 7 Exchange, Exchange Server, Exchange Server 2016 and 4 more | 2026-06-15 | 8.8 High |
| Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64667 | 1 Microsoft | 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more | 2026-06-15 | 5.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-64666 | 1 Microsoft | 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more | 2026-06-15 | 7.5 High |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21527 | 1 Microsoft | 9 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 6 more | 2026-06-15 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-41854 | 2 Spring, Vmware | 2 Spring Framework, Spring Framework | 2026-06-15 | 4.2 Medium |
| Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18. | ||||
| CVE-2026-11290 | 1 Google | 2 Android, Chrome | 2026-06-15 | 5 Medium |
| Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low) | ||||
| CVE-2026-46389 | 1 Defenseunicorns | 2 Uds-identity-config, Uds Identity Config | 2026-06-15 | 10 Critical |
| UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the `client-kubernetes-secret` Keycloak client authenticator (shipped by `uds-identity-config` and consumed by UDS Core) causes the submitted `client_secret` to be overwritten with the mounted Kubernetes secret before comparison. An attacker who can reach the Keycloak token endpoint and knows a `client_id` using this authenticator can authenticate as that client with any `client_secret` value and obtain OAuth2 tokens scoped to the client's service account. In the case of the `uds-operator` client this token can be used to registry/modify other clients. Version 0.26.1 patches the issue. | ||||