Export limit exceeded: 367158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54988 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 6.1 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55124 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-16 5.5 Medium
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55051 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-16 6.5 Medium
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
CVE-2026-55138 1 Microsoft 10 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 7 more 2026-07-16 5.5 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-54124 1 Microsoft 8 Terminal, Windows 10 21h2, Windows 10 22h2 and 5 more 2026-07-16 7.8 High
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.
CVE-2026-48335 2026-07-16 7.8 High
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-48321 2026-07-16 9.3 Critical
ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2026-55899 1 Microsoft 14 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 11 more 2026-07-16 7.8 High
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55947 1 Microsoft 13 365 Apps, Excel 2016, Microsoft Office Ltsc 2021 and 10 more 2026-07-16 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-8595 1 Grafana 1 Grafana 2026-07-16 6.8 Medium
A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting).
CVE-2026-15642 1 Devolutions 1 Server 2026-07-16 3.3 Low
Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclude sensitive data is selected.
CVE-2026-45071 2026-07-16 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true before loadXML(), re-enabling external entity resolution and allowing attacker-supplied XML to expand file:// entities such as local files. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-48747 2026-07-16 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hash_hmac(), allowing a signature algorithm downgrade instead of enforcing Mailomat's documented SHA-256 webhook signature. This issue is fixed in versions 7.4.13 and 8.0.13.
CVE-2026-47476 1 Nvidia 1 Triton Inference Server 2026-07-16 7.5 High
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-48001 2026-07-16 3.7 Low
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
CVE-2026-47480 1 Nvidia 1 Triton Inference Server 2026-07-16 7.5 High
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-61436 2 Mervinpraison, Praison 2 Praisonai, Praisonai 2026-07-16 8.6 High
PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message content.
CVE-2026-61859 1 Imagemagick 1 Imagemagick 2026-07-16 3.3 Low
ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy.
CVE-2026-61863 1 Imagemagick 1 Imagemagick 2026-07-16 2.9 Low
ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak.
CVE-2026-49458 1 Cure53 1 Dompurify 2026-07-16 6.1 Medium
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(node, { IN_PLACE: true }) accepted same-origin foreign-realm DOM nodes while follow-on checks used parent-realm constructors, causing instanceof checks for forms, named node maps, document fragments, and elements to fail and skip clobber, template-content, and shadow-DOM sanitization branches so executable markup could survive. This issue is fixed in version 3.4.6.