Export limit exceeded: 24292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24292 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33821 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Customer Insights | 2026-05-15 | 7.7 High |
| Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-41089 | 1 Microsoft | 15 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 12 more | 2026-05-15 | 9.8 Critical |
| Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41095 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 R2, Windows Server 2012 R2 and 11 more | 2026-05-15 | 7.8 High |
| Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41096 | 1 Microsoft | 15 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 12 more | 2026-05-15 | 9.8 Critical |
| Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41097 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-05-15 | 6.7 Medium |
| Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-40382 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-15 | 7.8 High |
| Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41107 | 1 Microsoft | 1 Edge Chromium | 2026-05-15 | 7.4 High |
| External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-40398 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-15 | 7.8 High |
| Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40402 | 1 Microsoft | 4 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 1 more | 2026-05-15 | 9.3 Critical |
| Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-40403 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-15 | 8.8 High |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2026-40405 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-05-15 | 7.5 High |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-40406 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-15 | 7.5 High |
| Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-40408 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-15 | 7.8 High |
| Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40410 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-15 | 7 High |
| Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40415 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-05-15 | 8.1 High |
| Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41611 | 1 Microsoft | 1 Visual Studio Code | 2026-05-15 | 7.8 High |
| Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | ||||
| CVE-2024-3566 | 7 Haskell, Microsoft, Nodejs and 4 more | 8 Process Library, Windows, Node.js and 5 more | 2026-05-15 | 9.8 Critical |
| A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | ||||
| CVE-2026-41612 | 1 Microsoft | 2 Live Preview, Visual Studio Code | 2026-05-15 | 5.5 Medium |
| Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-41134 | 1 Microsoft | 1 Kiota | 2026-05-14 | 7.8 High |
| Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission). When malicious values from an OpenAPI description are emitted into generated source without context-appropriate escaping, an attacker can break out of string literals and inject additional code into generated clients. This issue is only practically exploitable when the OpenAPI description used for generation is from an untrusted source, or a normally trusted OpenAPI description has been compromised/tampered with. Only generating from trusted, integrity-protected API descriptions significantly reduces the risk. To remediate the issue, upgrade Kiota to 1.31.1 or later and regenerate/refresh existing generated clients as a precaution. Refreshing generated clients ensures previously generated vulnerable code is replaced with hardened output. | ||||
| CVE-2026-35424 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-14 | 7.5 High |
| Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | ||||