Export limit exceeded: 337358 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337358 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25171 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 7 High |
| Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-25172 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more | 2026-03-11 | 8.8 High |
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-25173 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 8 High |
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-25174 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 7.8 High |
| Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-25175 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-03-11 | 7.8 High |
| Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-25176 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-25177 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 8.8 High |
| Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-25178 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-25181 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 7.5 High |
| Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-25185 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-25186 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-25190 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-11 | 7.8 High |
| Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-25569 | 1 Siemens | 1 Sicam Siapp Sdk | 2026-03-11 | 7.4 High |
| A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution. | ||||
| CVE-2026-25572 | 1 Siemens | 1 Sicam Siapp Sdk | 2026-03-11 | 5.1 Medium |
| A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service. | ||||
| CVE-2026-30969 | 1 Coral-protocol | 1 Coral-server | 2026-03-11 | N/A |
| Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0. | ||||
| CVE-2026-25836 | 1 Fortinet | 1 Fortisandboxcloud | 2026-03-11 | 6.7 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2026-26105 | 1 Microsoft | 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more | 2026-03-11 | 8.1 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-29176 | 1 Craftcms | 1 Commerce | 2026-03-11 | N/A |
| Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator (or user with product editing permissions) creates or edits a variant product. This vulnerability is fixed in 5.5.3. | ||||
| CVE-2026-26109 | 1 Microsoft | 10 365 Apps, Excel 2016, Microsoft 365 Apps For Enterprise and 7 more | 2026-03-11 | 8.4 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26110 | 1 Microsoft | 8 365 Apps, Office, Office 2016 and 5 more | 2026-03-11 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||