Export limit exceeded: 366475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54800 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-15 | 4.8 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions. | ||||
| CVE-2026-55058 | 1 Microsoft | 9 365 Apps, Excel 2016, Office 2019 and 6 more | 2026-07-15 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-8920 | 1 Asus | 1 Aura Wallpaper Service | 2026-07-15 | N/A |
| Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable . Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-47282 | 1 Microsoft | 1 Visual Studio Code | 2026-07-15 | 6.5 Medium |
| Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-58551 | 2026-07-15 | 5.1 Medium | ||
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-55014 | 1 Microsoft | 1 Windows-remote-help | 2026-07-15 | 7.8 High |
| Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58647 | 1 Microsoft | 1 Power Bi Report Server | 2026-07-15 | 8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-59838 | 1 Fortinet | 1 Fortisiem | 2026-07-15 | 5.3 Medium |
| A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here> | ||||
| CVE-2026-50328 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more | 2026-07-15 | 7.5 High |
| Uncaught exception in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2026-50360 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-15 | 8.8 High |
| Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-50400 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.8 High |
| Stack-based buffer overflow in Windows App Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50343 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Improper privilege management in Microsoft Install Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50430 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-11802 | 2026-07-15 | 5.3 Medium | ||
| The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration() function, accessible via the wp_ajax_nopriv_registration_action AJAX action, lacks any nonce verification or capability check, and does not check the WordPress users_can_register option before calling wp_insert_user(). This makes it possible for unauthenticated attackers to create new user accounts with the 'customer' role and receive authentication cookies, even when the site administrator has explicitly disabled user registration. | ||||
| CVE-2026-50335 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-50317 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-7655 | 2 Surecart, Wordpress | 2 Surecart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments, Wordpress | 2026-07-15 | 8.1 High |
| The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook events. This makes it possible for unauthenticated attackers to change linked user's email addresses, including administrators if the administrator account is linked to a SureCart customer record, and leverage that to reset the user's password and gain access to their account if the customer ID is known. | ||||
| CVE-2026-41087 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-13968 | 2 Starboardsuite, Wordpress | 2 Starboard Suite Reservation Calendars, Wordpress | 2026-07-15 | 6.4 Medium |
| The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-57831 | 2026-07-15 | N/A | ||
| The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection. | ||||