Export limit exceeded: 352732 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352732 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352732 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21338 | 1 Microsoft | 29 Office, Office Long Term Servicing Channel, Office Macos and 26 more | 2026-05-19 | 7.8 High |
| GDI+ Remote Code Execution Vulnerability | ||||
| CVE-2025-21361 | 1 Microsoft | 5 Office, Office Long Term Servicing Channel, Office Macos 2021 and 2 more | 2026-05-19 | 7.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2025-21402 | 1 Microsoft | 6 Office, Office Long Term Servicing Channel, Office Macos 2021 and 3 more | 2026-05-19 | 7.8 High |
| Microsoft Office OneNote Remote Code Execution Vulnerability | ||||
| CVE-2022-41104 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2026-05-19 | 5.5 Medium |
| Microsoft Excel Security Feature Bypass Vulnerability | ||||
| CVE-2021-43875 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2026-8401 | 1 Mozilla | 1 Firefox | 2026-05-19 | 9.8 Critical |
| Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. | ||||
| CVE-2026-8750 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2026-05-19 | 5.3 Medium |
| A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-35436 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 8.8 High |
| Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-35440 | 1 Microsoft | 8 365 Apps, Office, Office 2019 and 5 more | 2026-05-19 | 5.5 Medium |
| Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-40358 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-05-19 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40359 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-05-19 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40360 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-05-19 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-40361 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-05-19 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40362 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-05-19 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40364 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-05-19 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40366 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-05-19 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40418 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 7.8 High |
| Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40419 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 7.8 High |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40420 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-05-19 | 8.8 High |
| Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-6333 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2026-05-19 | 3.5 Low |
| Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost Advisory ID: MMSA-2026-00582 | ||||