Export limit exceeded: 366372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366372 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12512 | 2026-07-15 | 8.6 High | ||
| The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes. | ||||
| CVE-2026-50439 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 8.1 High |
| Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-56169 | 1 Microsoft | 1 Windows Admin Center | 2026-07-15 | 8.1 High |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-50518 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more | 2026-07-15 | 9.8 Critical |
| Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-54128 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 8.4 High |
| Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50683 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more | 2026-07-15 | 8 High |
| Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2026-5040 | 2026-07-15 | N/A | ||
| TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication credentials, enabling unauthorized access to device management functions, depending on the privileges associated with the recovered password. The primary security impact is loss of confidentiality. | ||||
| CVE-2026-47992 | 2026-07-15 | 7.2 High | ||
| Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL commands, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-48356 | 2026-07-15 | 9.6 Critical | ||
| Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | ||||
| CVE-2026-48358 | 2026-07-15 | 9.1 Critical | ||
| Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-49164 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 8.1 High |
| Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-49178 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 8.8 High |
| Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-57107 | 1 Microsoft | 1 Windows Admin Center | 2026-07-15 | 7.8 High |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24245 | 1 Nvidia | 1 Megatron-bridge | 2026-07-15 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-14385 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14407 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14406 | 1 Google | 1 Chrome | 2026-07-15 | 5.9 Medium |
| Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2026-14397 | 1 Google | 1 Chrome | 2026-07-15 | 9.6 Critical |
| Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14392 | 1 Google | 1 Chrome | 2026-07-15 | 9.6 Critical |
| Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14402 | 1 Google | 1 Chrome | 2026-07-15 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||