Export limit exceeded: 83218 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (83218 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45476 | 1 Microsoft | 2 Linux Kernel - Microsoft Mana Network Driver, Linux Kernel Mana Network Driver | 2026-06-10 | 8.2 High |
| Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-48565 | 1 Microsoft | 1 Windows Narrator Braille | 2026-06-10 | 7.8 High |
| Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-8863 | 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more | 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more | 2026-06-10 | 7.8 High |
| Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders. | ||||
| CVE-2026-47908 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 7.8 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-47906 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 8.6 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-47907 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 8.2 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-41729 | 1 Spring | 1 Spring Data Rest | 2026-06-10 | 8.1 High |
| Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5. | ||||
| CVE-2026-41732 | 1 Spring | 1 Spring For Apache Pulsar | 2026-06-10 | 8.1 High |
| JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default allow-list. Affected versions: Spring for Apache Pulsar 2.0.0 through 2.0.5; 1.2.0 through 1.2.17; 1.1.0 through 1.1.17. | ||||
| CVE-2026-3326 | 2 Wordpress, Xstore | 2 Wordpress, Xstore | 2026-06-10 | 8.6 High |
| The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2026-8071 | 2 Cleantalk, Wordpress | 2 Spam Protection, Wordpress | 2026-06-10 | 8.8 High |
| The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post. | ||||
| CVE-2026-39169 | 1 Sem-cms | 1 Semcms | 2026-06-10 | 7.5 High |
| SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. | ||||
| CVE-2026-45474 | 1 Microsoft | 10 365 Apps, Office, Office 2016 and 7 more | 2026-06-10 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45487 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-10 | 7.8 High |
| Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45490 | 1 Microsoft | 1 .net | 2026-06-10 | 7.8 High |
| Improper authorization in .NET allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45605 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-10 | 7.8 High |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45640 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-10 | 7 High |
| Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45607 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-10 | 8.4 High |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45641 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-10 | 8.4 High |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45656 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.8 High |
| Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-47289 | 1 Microsoft | 27 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 24 more | 2026-06-10 | 8.8 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||