Export limit exceeded: 12851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-63579 1 Kyocera 1 Command Center Rx 2026-07-15 7.5 High
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be obtained. This affects Kyocera Command Center RX TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, TASKalfa 3254ci, TASKalfa 505.
CVE-2026-55014 1 Microsoft 1 Windows-remote-help 2026-07-15 7.8 High
Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally.
CVE-2026-50335 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
CVE-2026-50418 1 Microsoft 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more 2026-07-15 5.1 Medium
Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-50344 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.8 High
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-50495 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 6.1 Medium
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-15089 1 Drupal 1 Commerce Guest Registration 2026-07-15 9.1 Critical
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*.
CVE-2026-5270 2026-07-15 9.8 Critical
An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls.
CVE-2026-13800 1 Google 1 Chrome 2026-07-15 7.8 High
Inappropriate implementation in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
CVE-2026-13864 1 Google 1 Chrome 2026-07-15 8.1 High
Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2026-13897 1 Google 1 Chrome 2026-07-15 8.8 High
Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-50423 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-15 7.8 High
Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-13937 1 Google 1 Chrome 2026-07-15 6.5 Medium
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13953 1 Google 1 Chrome 2026-07-15 6.5 Medium
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-49170 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
CVE-2026-50373 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Improper access control in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-12281 2026-07-15 8.1 High
The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach the application, an unauthenticated attacker can log in with forged identity headers and, when automatic account creation and the default administrator role mapping are enabled, create and sign in as a new administrator. Exploitation requires the non-default HTTP header attribute mode, an empty or absent spoof key, automatic account creation enabled, and a deployment that does not strip untrusted client headers before they reach the application.
CVE-2026-56169 1 Microsoft 1 Windows Admin Center 2026-07-15 8.1 High
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-57107 1 Microsoft 1 Windows Admin Center 2026-07-15 7.8 High
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-11781 2026-07-15 2.7 Low
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names.