Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57107 1 Microsoft 1 Windows Admin Center 2026-07-14 7.8 High
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-56185 1 Microsoft 1 Windows Admin Center 2026-07-14 6.5 Medium
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
CVE-2026-49783 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7.8 High
Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-54127 1 Microsoft 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more 2026-07-14 7.4 High
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-49184 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 8.4 High
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50694 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 8.1 High
Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network.
CVE-2026-56169 1 Microsoft 1 Windows Admin Center 2026-07-14 8.1 High
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-49178 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 8.8 High
Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-48564 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-14 8.8 High
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network.
CVE-2026-47632 1 Microsoft 1 Azure Monitor Agent Metrics Extension 2026-07-14 8.8 High
Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-55899 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44800 1 Microsoft 5 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 2 more 2026-07-14 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-50675 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-54118 1 Microsoft 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more 2026-07-14 8.8 High
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-55012 1 Microsoft 1 Malware Protection Engine 2026-07-14 7.8 High
Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.
CVE-2026-55005 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-07-14 8.8 High
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
CVE-2026-15427 2026-07-14 N/A
An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server. Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device.
CVE-2026-15703 1 Sourcecodester 1 Simple And Nice Shopping Cart Script 2026-07-14 7.3 High
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-9108 1 Rockwellautomation 1 Studio 5000 Logix Designer 2026-07-14 N/A
A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embedded in the ACD file structure during the project opening procedure, allowing path traversal sequences to escape the intended extraction directory. If exploited, an attacker could craft a malicious ACD project file that results in arbitrary files being written to attacker-controlled locations on the file system, potentially leading to code execution.
CVE-2026-9128 1 Rockwellautomation 1 Studio 5000 Logix Designer 2026-07-14 N/A
A code execution security issue exists within Studio 5000 Logix Designer® due to an unquoted search path in the External Tools configuration. The executable paths specified in the external tools configuration file are not properly quoted, and because these paths contain spaces, the operating system may resolve them to unintended executables placed earlier in the search order. If exploited, an attacker could plant a malicious executable in a location within the search path, resulting in arbitrary code execution with the same permissions of the user running the application.