Export limit exceeded: 344777 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344777 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344777 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54358 | 2 Adivaha, Wordpress | 2 Wordpress Adivaha Travel Plugin, Wordpress | 2026-04-15 | 6.1 Medium |
| WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials. | ||||
| CVE-2026-33698 | 1 Chamilo | 1 Chamilo Lms | 2026-04-15 | N/A |
| Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11.38. | ||||
| CVE-2026-30616 | 2026-04-15 | N/A | ||
| Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results in arbitrary command execution within the context of the Jaaz service, potentially allowing full compromise of the affected system. | ||||
| CVE-2026-32156 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-15 | 7.4 High |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32157 | 1 Microsoft | 17 Remote Desktop, Windows 10 1607, Windows 10 1809 and 14 more | 2026-04-15 | 8.8 High |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-32158 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32159 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32160 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-0390 | 1 Microsoft | 7 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 4 more | 2026-04-15 | 6.7 Medium |
| Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-32165 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-15 | 7.8 High |
| Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32167 | 1 Microsoft | 10 Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (gdr), Microsoft Sql Server 2019 (gdr) and 7 more | 2026-04-15 | 6.7 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32168 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-04-15 | 7.8 High |
| Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32178 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2026-04-15 | 7.5 High |
| Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-32181 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 6 more | 2026-04-15 | 5.5 Medium |
| Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | ||||
| CVE-2026-32183 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-15 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32184 | 1 Microsoft | 1 Microsoft Hpc Pack 2019 | 2026-04-15 | 7.8 High |
| Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32188 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-32189 | 1 Microsoft | 7 365 Apps, Excel 2016, Office 2019 and 4 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32192 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-04-15 | 7.8 High |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32195 | 1 Microsoft | 1 Windows 11 26h1 | 2026-04-15 | 7 High |
| Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||