Export limit exceeded: 24290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24290 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40368 | 1 Microsoft | 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more | 2026-05-13 | 8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-40357 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-05-13 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-3087 | 2 Microsoft, Python | 3 Windows, Cpython, Python | 2026-05-13 | 7.5 High |
| If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability. | ||||
| CVE-2026-41610 | 1 Microsoft | 1 Visual Studio Code | 2026-05-13 | 6.3 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-34636 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2026-05-13 | 7.8 High |
| Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-34637 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2026-05-13 | 7.8 High |
| Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-34638 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2026-05-13 | 7.8 High |
| Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-35438 | 1 Microsoft | 1 Windows Admin Center | 2026-05-13 | 8.3 High |
| Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-40417 | 1 Microsoft | 7 Dynamics 365 Business Central 2024, Dynamics 365 Business Central 2024 Wave 1, Dynamics 365 Business Central 2024 Wave 2 and 4 more | 2026-05-13 | 7.8 High |
| Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-34350 | 1 Microsoft | 2 Windows Server 2025, Windows Server 2025 (server Core Installation) | 2026-05-13 | 6.5 Medium |
| Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-33833 | 1 Microsoft | 1 Azure Machine Learning | 2026-05-13 | 8.2 High |
| Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-42893 | 1 Microsoft | 1 Outlook | 2026-05-13 | 7.4 High |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2026-32204 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-05-13 | 7.8 High |
| External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41102 | 1 Microsoft | 2 Powerpoint, Powerpoint For Android | 2026-05-13 | 7.1 High |
| Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2026-41109 | 1 Microsoft | 1 Visual Studio Code | 2026-05-13 | 8.8 High |
| Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-32185 | 1 Microsoft | 1 Teams | 2026-05-13 | 5.5 Medium |
| Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2026-34332 | 1 Microsoft | 2 Windows Server 2025, Windows Server 2025 (server Core Installation) | 2026-05-13 | 8 High |
| Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-40370 | 1 Microsoft | 10 Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (gdr), Microsoft Sql Server 2019 (gdr) and 7 more | 2026-05-13 | 8.8 High |
| External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-40381 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-05-13 | 7.8 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-34661 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-05-13 | 7.8 High |
| Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||