Export limit exceeded: 79399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79399 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25167 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-04-14 | 7.4 High |
| Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-25165 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-14 | 7.8 High |
| Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24296 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24294 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-14 | 7.8 High |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24293 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-04-14 | 7.8 High |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24292 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-04-14 | 7.8 High |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24290 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-04-14 | 7.8 High |
| Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24289 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-14 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24285 | 1 Microsoft | 30 Office, Office For Android, Windows 10 1607 and 27 more | 2026-04-14 | 7 High |
| Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24283 | 1 Microsoft | 11 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 8 more | 2026-04-14 | 8.8 High |
| Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23673 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-14 | 7.8 High |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23672 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-14 | 7.8 High |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||||
| CVE-2026-23671 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23668 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2026-04-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23667 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2026-04-14 | 7 High |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23664 | 1 Microsoft | 1 Azure Iot Explorer | 2026-04-14 | 7.5 High |
| Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23660 | 1 Microsoft | 3 Azure Portal Windows Admin Center, Windows Admin Center, Windows Admin Center In Azure Portal | 2026-04-14 | 7.8 High |
| Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21262 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-04-14 | 8.8 High |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64759 | 2 Homarr, Homarr-labs | 2 Homarr, Homarr | 2026-04-14 | 8.1 High |
| Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the "credentials-admin" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. This issue has been patched in version 1.43.3. | ||||
| CVE-2025-66453 | 1 Mozilla | 1 Rhino | 2026-04-14 | 7.5 High |
| Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1. | ||||