Export limit exceeded: 24924 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24924 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4056 | 3 Gnome, Microsoft, Redhat | 4 Glib, Windows, Enterprise Linux and 1 more | 2026-06-25 | 7.5 High |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | ||||
| CVE-2026-45475 | 1 Microsoft | 14 365 Apps, Microsoft 365 Apps For Enterprise, Office 2016 and 11 more | 2026-06-24 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45472 | 1 Microsoft | 11 365 Apps, Microsoft 365 Apps For Enterprise, Office and 8 more | 2026-06-24 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45471 | 1 Microsoft | 14 365 Apps, Microsoft 365 Apps For Enterprise, Office 2019 and 11 more | 2026-06-24 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45455 | 1 Microsoft | 10 365 Apps, Excel 2016, Microsoft 365 Apps For Enterprise and 7 more | 2026-06-24 | 3.3 Low |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-47937 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-06-23 | 7.7 High |
| Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-47907 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-06-23 | 8.6 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-34694 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Experience Manager, Experience Manager, Iphone Os and 4 more | 2026-06-23 | 4.8 Medium |
| Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed. | ||||
| CVE-2026-34662 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-06-23 | 5.5 Medium |
| Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2011-0627 | 7 Adobe, Apple, Google and 4 more | 7 Flash Player, Mac Os X, Android and 4 more | 2026-06-23 | 8.8 High |
| Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file. | ||||
| CVE-2026-32174 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-06-23 | 7.7 High |
| Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42895 | 1 Microsoft | 1 365 Copilot | 2026-06-23 | 6.5 Medium |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2025-66389 | 1 Microsoft | 1 Copilot | 2026-06-22 | 7.5 High |
| GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection. | ||||
| CVE-2026-54130 | 1 Microsoft | 1 365 Copilot | 2026-06-22 | 9.8 Critical |
| Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-32208 | 1 Microsoft | 1 Edge Chromium | 2026-06-22 | 8.8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-50519 | 1 Microsoft | 2 Gihub Copilot Chat, Github Copilot Chat | 2026-06-22 | 6.5 Medium |
| Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-48584 | 1 Microsoft | 1 Azure Synapse | 2026-06-22 | 9.9 Critical |
| Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-45480 | 1 Microsoft | 1 Azure Active Directory | 2026-06-22 | 10 Critical |
| Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-62821 | 1 Microsoft | 1 Heif Image Extension | 2026-06-22 | 9.1 Critical |
| Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call. | ||||
| CVE-2026-47633 | 1 Microsoft | 2 Azure Cost Management, Azure Cost Management | 2026-06-22 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network. | ||||