Search

Search Results (366088 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-58602 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 7.8 High
Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58631 1 Microsoft 1 Windows Admin Center 2026-07-14 7.8 High
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.
CVE-2026-50652 1 Microsoft 1 Azure Active Directory 2026-07-14 7.5 High
Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-33842 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-40400 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 8 High
Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network.
CVE-2026-48581 1 Microsoft 10 Surface Go 2, Surface Go 3, Surface Hub and 7 more 2026-07-14 7.8 High
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.
CVE-2026-49183 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.
CVE-2026-49789 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.3 High
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-45756 2026-07-14 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns directly into preg_match() without a length cap, i-regexp restriction, or bounded backtracking, allowing catastrophic-backtracking expressions to pin worker CPU and cause denial of service. This issue is fixed in versions 7.4.12 and 8.0.12.
CVE-2026-49795 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 8.8 High
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50311 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Improper access control in Windows Server allows an authorized attacker to elevate privileges locally.
CVE-2026-49801 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 5.5 Medium
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-49807 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 6.2 Medium
Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally.
CVE-2026-50297 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7 High
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50364 1 Microsoft 5 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 2 more 2026-07-14 7.3 High
Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally.
CVE-2026-54989 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7 High
Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally.
CVE-2026-56197 1 Microsoft 1 Windows Admin Center 2026-07-14 8.8 High
Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network.
CVE-2026-58540 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-57094 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 8.8 High
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-54058 1 Python-pillow 1 Pillow 2026-07-14 N/A
Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes(), getpixel, convert, or save to read beyond the mapped region and disclose adjacent process memory or fault. This issue is fixed in version 12.3.0.