Export limit exceeded: 366805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366805 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-51598 | 1 Mercury | 1 Mipc252w | 2026-07-15 | 6.5 Medium |
| An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n) allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line. | ||||
| CVE-2026-55002 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-07-15 | 7.8 High |
| External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-51604 | 1 Tenda | 1 Cp3 | 2026-07-15 | 7.5 High |
| A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request. | ||||
| CVE-2026-12505 | 1 Redhat | 4 Cifs-utils, Enterprise Linux, Openshift and 1 more | 2026-07-15 | 7.8 High |
| A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system. | ||||
| CVE-2026-54798 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-15 | 6.5 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions. | ||||
| CVE-2026-50658 | 1 Microsoft | 1 Defender For Endpoint | 2026-07-15 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-15427 | 2026-07-15 | N/A | ||
| An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server. Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device. | ||||
| CVE-2026-50499 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44761 | 2026-07-15 | 9.1 Critical | ||
| SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability. | ||||
| CVE-2026-50677 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 | 2026-07-15 | 7.8 High |
| Use after free in Windows Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50688 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50674 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 7 High |
| Use after free in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50340 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 8.5 High |
| Use after free in Windows Runtime allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-50385 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 8.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-54125 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50501 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 7.8 High |
| Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-55021 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-07-15 | 7.3 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-54121 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more | 2026-07-15 | 8.8 High |
| Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-55033 | 1 Microsoft | 11 365 Apps, Office 2019, Office 2021 and 8 more | 2026-07-15 | 7.8 High |
| Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50354 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 7.1 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||