Export limit exceeded: 346387 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 78882 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78882 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26110 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-04-14 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-40200 | 1 Musl-libc | 1 Musl | 2026-04-14 | 8.1 High |
| An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical). | ||||
| CVE-2026-26109 | 1 Microsoft | 13 365 Apps, Excel, Excel 2016 and 10 more | 2026-04-14 | 8.4 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26108 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-14 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26107 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-14 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26106 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-04-14 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23665 | 1 Microsoft | 2 Azure Linux Virtual Machines Azure Diagnostics, Linux Diagnostic Extension | 2026-04-14 | 7.8 High |
| Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-22750 | 1 Vmware | 1 Spring Cloud Gateway | 2026-04-14 | 7.5 High |
| When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases. | ||||
| CVE-2026-23662 | 1 Microsoft | 1 Azure Iot Explorer | 2026-04-14 | 7.5 High |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23661 | 1 Microsoft | 1 Azure Iot Explorer | 2026-04-14 | 7.5 High |
| Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23654 | 1 Microsoft | 3 Gihub Repo Zero Shot Scfoundation, Gihub Repo Zero Shot Scfoundation, Zero-shot-scfoundation | 2026-04-14 | 8.8 High |
| Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-40217 | 1 Berriai | 1 Litellm | 2026-04-14 | 8.8 High |
| LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. | ||||
| CVE-2026-23659 | 1 Microsoft | 1 Azure Data Factory | 2026-04-14 | 8.6 High |
| Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23658 | 1 Microsoft | 2 Azure Devops, Azure Devops Msazure | 2026-04-14 | 8.6 High |
| Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26138 | 1 Microsoft | 2 Office Purview, Purview | 2026-04-14 | 8.6 High |
| Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26139 | 1 Microsoft | 2 Office Purview, Purview | 2026-04-14 | 8.6 High |
| Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26148 | 1 Microsoft | 1 Azure Ad Ssh Login Extension For Linux | 2026-04-14 | 8.1 High |
| External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-26127 | 4 Apple, Linux, Microsoft and 1 more | 8 Macos, Linux Kernel, .net and 5 more | 2026-04-14 | 7.5 High |
| Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26134 | 1 Microsoft | 1 Office | 2026-04-14 | 7.8 High |
| Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26132 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-04-14 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||