Search Results (5619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-41837 1 Spring 1 Spring Data Rest 2026-06-10 5.3 Medium
Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.
CVE-2026-48578 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 7.9 High
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-36720 1 Bookcars 1 Bookcars 2026-06-10 8.1 High
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.
CVE-2026-8863 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more 2026-06-10 7.8 High
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
CVE-2026-9067 2 Structured-data-for-wp, Wordpress 2 Download Schema \& Structured Data For Wp \& Amp, Wordpress 2026-06-10 9.1 Critical
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.
CVE-2026-39169 1 Sem-cms 1 Semcms 2026-06-10 7.5 High
SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.
CVE-2026-45649 1 Microsoft 6 Excel, Excel For Android, Powerpoint and 3 more 2026-06-10 7.1 High
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-49161 1 Microsoft 1 Pc Manager 2026-06-10 7.8 High
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-41100 1 Microsoft 8 365 Copilot, 365 Copilot Android, 365 Copilot Android and 5 more 2026-06-09 4.4 Medium
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-11274 2 Apple, Google 2 Iphone Os, Chrome 2026-06-09 4.3 Medium
Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-43600 1 Microsoft 1 Office 2026-06-09 7.8 High
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-49107 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-06-09 7.3 High
WmsRepair Service Elevation of Privilege Vulnerability
CVE-2024-49105 1 Microsoft 27 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 24 more 2026-06-09 8.4 High
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-49068 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-09 8.2 High
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43594 1 Microsoft 4 System Center, System Center 2019, System Center 2022 and 1 more 2026-06-09 7.3 High
Microsoft System Center Elevation of Privilege Vulnerability
CVE-2024-38204 1 Microsoft 1 Azure Functions 2026-06-09 7.5 High
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
CVE-2024-43590 1 Microsoft 5 Visual C Plus Plus Redistributable Installer, Visual Studio, Visual Studio 2017 and 2 more 2026-06-09 7.8 High
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2024-43456 1 Microsoft 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 6 more 2026-06-09 4.8 Medium
Windows Remote Desktop Services Tampering Vulnerability
CVE-2024-43503 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-09 7.8 High
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2026-11277 2 Apple, Google 2 Iphone Os, Chrome 2026-06-09 4.3 Medium
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)