Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50393 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 7 High |
| Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50490 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7 High |
| Use after free in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-48272 | 2026-07-15 | 7.8 High | ||
| Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48344 | 2026-07-15 | 7.8 High | ||
| Creative Cloud Desktop is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48318 | 2026-07-15 | 9.9 Critical | ||
| ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48322 | 2026-07-15 | 9.6 Critical | ||
| ColdFusion is affected by an Improper Control of Generation of Code ('Code Injection') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48284 | 2026-07-15 | 9.6 Critical | ||
| ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48325 | 2026-07-15 | 9.3 Critical | ||
| ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-11579 | 2026-07-15 | 5.3 Medium | ||
| The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting uploads regardless of whether any such form exists, which allows unauthenticated users to upload files to the WordPress Media Library; the uploads are limited to WordPress's default-allowed MIME types, so this does not lead to code execution. | ||||
| CVE-2026-48319 | 2026-07-15 | 9.1 Critical | ||
| ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48324 | 2026-07-15 | 9.1 Critical | ||
| ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48327 | 2026-07-15 | 9 Critical | ||
| ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-62187 | 2026-07-15 | 8.1 High | ||
| OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue is fixed in version 2026.6.9. Impact depends on the operator's configuration and whether lower-trust input can reach the affected feature. | ||||
| CVE-2026-48311 | 2026-07-15 | 7.8 High | ||
| Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-48343 | 2026-07-15 | 7.8 High | ||
| Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-48341 | 2026-07-15 | 7.8 High | ||
| Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-48339 | 2026-07-15 | 7.8 High | ||
| Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-48340 | 2026-07-15 | 7.8 High | ||
| Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-11580 | 2026-07-15 | 5.5 Medium | ||
| The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post (regardless of owner, post type, or status) into a published post they own and read its private post metadata, including secrets stored by other Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17. | ||||
| CVE-2026-48342 | 2026-07-15 | 7.8 High | ||
| Bridge is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||