Search

Expected end of text, found '/' (at char 44), (line:1, col:45)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (351911 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2023-33152 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2026-05-19 7 High
Microsoft ActiveX Remote Code Execution Vulnerability
CVE-2023-33162 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2026-05-19 5.5 Medium
Microsoft Excel Information Disclosure Vulnerability
CVE-2024-30103 1 Microsoft 7 365 Apps, Office, Office 2019 and 4 more 2026-05-19 8.8 High
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21338 1 Microsoft 29 Office, Office Long Term Servicing Channel, Office Macos and 26 more 2026-05-19 7.8 High
GDI+ Remote Code Execution Vulnerability
CVE-2025-21361 1 Microsoft 5 Office, Office Long Term Servicing Channel, Office Macos 2021 and 2 more 2026-05-19 7.8 High
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21402 1 Microsoft 6 Office, Office Long Term Servicing Channel, Office Macos 2021 and 3 more 2026-05-19 7.8 High
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2022-41104 1 Microsoft 4 365 Apps, Excel, Office and 1 more 2026-05-19 5.5 Medium
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2021-42293 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2026-05-19 6.5 Medium
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
CVE-2021-43255 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2026-05-19 5.5 Medium
Microsoft Office Trust Center Spoofing Vulnerability
CVE-2021-43875 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2026-05-19 7.8 High
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2026-40421 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-05-19 4.3 Medium
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
CVE-2023-29335 1 Microsoft 16 365 Apps, Office, Office Long Term Servicing Channel and 13 more 2026-05-19 7.5 High
Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-23398 1 Microsoft 4 365 Apps, Excel, Office and 1 more 2026-05-19 7.1 High
Microsoft Excel Spoofing Vulnerability
CVE-2022-26901 1 Microsoft 7 365 Apps, Excel, Excel Rt and 4 more 2026-05-19 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-8602 1 Scadabr 1 Scadabr 2026-05-19 N/A
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings.
CVE-2026-8401 1 Mozilla 1 Firefox 2026-05-19 9.8 Critical
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
CVE-2026-8603 1 Scadabr 1 Scadabr 2026-05-19 N/A
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
CVE-2026-8604 1 Scadabr 1 Scadabr 2026-05-19 N/A
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.
CVE-2026-8605 1 Scadabr 1 Scadabr 2026-05-19 N/A
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.
CVE-2026-33633 1 Kovidgoyal 1 Kitty 2026-05-19 7.5 High
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG format declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, causing DoS and potentially escalation to RCE itself. This issue has been fixed in version 0.47.0.