Export limit exceeded: 359539 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359539 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45472 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-06-10 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45471 | 1 Microsoft | 11 365 Apps, Office 2019, Office 2021 and 8 more | 2026-06-10 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-44823 | 1 Microsoft | 9 365 Apps, Excel 2016, Office 2019 and 6 more | 2026-06-10 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45461 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-06-10 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45583 | 1 Microsoft | 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se | 2026-06-10 | 7.5 High |
| Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-45645 | 1 Microsoft | 8 365 Apps, Office 2016, Office 2019 and 5 more | 2026-06-10 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45649 | 1 Microsoft | 6 Excel, Excel For Android, Powerpoint and 3 more | 2026-06-10 | 7.1 High |
| Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2026-32193 | 1 Microsoft | 1 Azure Kubernetes Service | 2026-06-10 | 8.8 High |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally. | ||||
| CVE-2026-49161 | 1 Microsoft | 1 Pc Manager | 2026-06-10 | 7.8 High |
| Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-40371 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Server | 2026-06-10 | 8.8 High |
| Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-45463 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-06-10 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-47281 | 1 Microsoft | 1 Visual Studio Code | 2026-06-10 | 9.6 Critical |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-47293 | 1 Microsoft | 4 365 Apps, Office 2019, Office 2021 and 1 more | 2026-06-10 | 7 High |
| Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42913 | 1 Microsoft | 13 Remote Desktop, Windows 11 23h2, Windows 11 23h2 and 10 more | 2026-06-10 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-44963 | 1 Veeam | 1 Backup And Replication | 2026-06-10 | N/A |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | ||||
| CVE-2026-4821 | 1 Github | 1 Enterprise Server | 2026-06-10 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error. | ||||
| CVE-2026-49762 | 1 Elixir-lang | 1 Elixir | 2026-06-10 | 5.9 Medium |
| Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components (major, minor, patch and numeric pre-release/build identifiers) to integers without bounding their length. A single large all-digit component therefore forces a super-linear, non-yielding base-10 to arbitrary-precision integer conversion (String.to_integer/1, i.e. :erlang.binary_to_integer/1) that pins a BEAM scheduler, and a larger component raises an uncaught SystemLimitError that crashes the calling process. A single moderately sized string (around one megabyte) is enough; no authentication is required. This is reachable from the public entry points Version.parse/1, Version.parse!/1, Version.match?/3, Version.compare/2, and Version.parse_requirement/1, which applications routinely call on untrusted input such as HTTP parameters, dependency-manifest fields, and package metadata. This vulnerability is associated with program files lib/version.ex and program routines 'Elixir.Version.Parser':parse_digits/2. This issue affects Elixir: from 1.5.0 before 1.20.1. | ||||
| CVE-2026-11434 | 1 Fluentcms | 1 Fluentcms | 2026-06-10 | 2.4 Low |
| A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-44750 | 1 Sap Se | 1 Sap Mdg (review Match Groups Application) | 2026-06-10 | 4.3 Medium |
| SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while confidentiality and availability are not impacted. | ||||
| CVE-2026-44751 | 1 Sap Se | 1 Sap Netweaver And Abap Platform | 2026-06-10 | 7.1 High |
| Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application. | ||||