Search Results (5618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-36720 1 Bookcars 1 Bookcars 2026-06-10 8.1 High
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.
CVE-2026-8863 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more 2026-06-10 7.8 High
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
CVE-2026-9067 2 Structured-data-for-wp, Wordpress 2 Download Schema \& Structured Data For Wp \& Amp, Wordpress 2026-06-10 9.1 Critical
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.
CVE-2026-39169 1 Sem-cms 1 Semcms 2026-06-10 7.5 High
SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.
CVE-2026-45649 1 Microsoft 6 Excel, Excel For Android, Powerpoint and 3 more 2026-06-10 7.1 High
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-49161 1 Microsoft 1 Pc Manager 2026-06-10 7.8 High
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-41100 1 Microsoft 8 365 Copilot, 365 Copilot Android, 365 Copilot Android and 5 more 2026-06-09 4.4 Medium
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-11274 2 Apple, Google 2 Iphone Os, Chrome 2026-06-09 4.3 Medium
Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-43600 1 Microsoft 1 Office 2026-06-09 7.8 High
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-49107 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-06-09 7.3 High
WmsRepair Service Elevation of Privilege Vulnerability
CVE-2024-49105 1 Microsoft 27 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 24 more 2026-06-09 8.4 High
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-49068 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-09 8.2 High
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43594 1 Microsoft 4 System Center, System Center 2019, System Center 2022 and 1 more 2026-06-09 7.3 High
Microsoft System Center Elevation of Privilege Vulnerability
CVE-2024-38204 1 Microsoft 1 Azure Functions 2026-06-09 7.5 High
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
CVE-2024-43590 1 Microsoft 5 Visual C Plus Plus Redistributable Installer, Visual Studio, Visual Studio 2017 and 2 more 2026-06-09 7.8 High
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2024-43456 1 Microsoft 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 6 more 2026-06-09 4.8 Medium
Windows Remote Desktop Services Tampering Vulnerability
CVE-2024-43503 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-09 7.8 High
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2026-11277 2 Apple, Google 2 Iphone Os, Chrome 2026-06-09 4.3 Medium
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11621 2 Dcat-admin, Dcatadmin 2 Dcat-admin, Dcat Admin 2026-06-09 4.7 Medium
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-11474 1 Kushan2k 1 Student-management-system 2026-06-09 7.3 High
A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.