Export limit exceeded: 366787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55048 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-15 7.8 High
Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-41122 1 Dell 1 Powerprotect Data Domain 2026-07-15 7.1 High
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2026-53480 1 Dell 1 Powerprotect Data Domain 2026-07-15 2.7 Low
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification.
CVE-2026-55054 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-15 6.5 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-15108 1 Google 1 Chrome 2026-07-15 4.3 Medium
Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2026-15110 1 Google 1 Chrome 2026-07-15 8.8 High
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2026-15114 1 Google 1 Chrome 2026-07-15 8.8 High
Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)
CVE-2026-15117 1 Google 1 Chrome 2026-07-15 7.5 High
Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15119 1 Google 1 Chrome 2026-07-15 8.3 High
Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15122 1 Google 1 Chrome 2026-07-15 8.3 High
Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-51601 1 Tenda 1 Cp3 2026-07-15 7.5 High
Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handshake can send a PLAY request with an excessively long clock= value to cause the RTSP service to crash.
CVE-2026-51598 1 Mercury 1 Mipc252w 2026-07-15 6.5 Medium
An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n) allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line.
CVE-2026-55002 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-07-15 7.8 High
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-51604 1 Tenda 1 Cp3 2026-07-15 7.5 High
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request.
CVE-2026-12505 1 Redhat 4 Cifs-utils, Enterprise Linux, Openshift and 1 more 2026-07-15 7.8 High
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system.
CVE-2026-54798 1 Siemens 2 Cpci85 Central Processing\/communication, Sicore Base System 2026-07-15 6.5 Medium
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.
CVE-2026-50658 1 Microsoft 1 Defender For Endpoint 2026-07-15 7 High
Time-of-check time-of-use (toctou) race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2026-15427 2026-07-15 N/A
An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server. Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device.
CVE-2026-50499 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-44761 2026-07-15 9.1 Critical
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.