Export limit exceeded: 366753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366753 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-58537 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-16 7.8 High
Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-57982 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 6.5 Medium
Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.
CVE-2026-57083 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 5.5 Medium
Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.
CVE-2026-56192 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-16 5.5 Medium
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56184 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-16 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
CVE-2026-35140 2026-07-16 3 Low
HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during authentication, which could allow a remote attacker to intercept network traffic and capture sensitive cookies, session tokens, or credentials sent in cleartext over unencrypted channels.
CVE-2026-54116 1 Microsoft 3 Microsoft Sql Server 2025 (cu 2), Microsoft Sql Server 2025 For X64-based Systems (gdr), Sql Server 2025 2026-07-16 6.5 Medium
Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2026-35141 2026-07-16 2.6 Low
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include timestamps with every message, ensuring that messages exceeding a specific age threshold are automatically rejected by the recipient system.
CVE-2026-50478 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-16 7.8 High
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35142 2026-07-16 2.6 Low
HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal infrastructure for further targeted attacks.
CVE-2026-56456 2026-07-16 5.3 Medium
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a remote attacker to map the underlying server environment and identify targets for further exploitation.
CVE-2026-12382 1 Redhat 3 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside 2026-07-16 8.2 High
A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed Subject header matching a legitimate client certificate DN to bypass mTLS authentication and inject arbitrary events into protected EDA event streams.
CVE-2026-55135 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-16 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55050 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-16 5.5 Medium
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-5674 1 Redhat 1 Enterprise Linux 2026-07-16 8.8 High
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.
CVE-2026-55026 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-16 6.2 Medium
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55020 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-16 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-59840 1 Fortinet 4 Fortios, Fortipam, Fortiproxy and 1 more 2026-07-16 4.1 Medium
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>
CVE-2025-43892 1 Fortinet 1 Fortios 2026-07-16 4.1 Medium
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
CVE-2026-58380 2 Gnome, Redhat 2 Gimp, Enterprise Linux 2026-07-16 7.3 High
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.