Search

Search Results (367176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55053 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55039 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 7.8 High
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-15809 1 Redhat 2 Confidential Compute Attestation, Openshift 2026-07-16 7.8 High
A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVE-2026-50675 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-54988 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 6.1 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55124 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-16 5.5 Medium
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55051 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-16 6.5 Medium
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
CVE-2026-55138 1 Microsoft 10 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 7 more 2026-07-16 5.5 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-54124 1 Microsoft 8 Terminal, Windows 10 21h2, Windows 10 22h2 and 5 more 2026-07-16 7.8 High
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.
CVE-2026-48335 2026-07-16 7.8 High
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-48321 2026-07-16 9.3 Critical
ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed.
CVE-2026-55899 1 Microsoft 14 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 11 more 2026-07-16 7.8 High
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55947 1 Microsoft 13 365 Apps, Excel 2016, Microsoft Office Ltsc 2021 and 10 more 2026-07-16 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-8595 1 Grafana 1 Grafana 2026-07-16 6.8 Medium
A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting).
CVE-2026-15642 1 Devolutions 1 Server 2026-07-16 3.3 Low
Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclude sensitive data is selected.
CVE-2026-45071 2026-07-16 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true before loadXML(), re-enabling external entity resolution and allowing attacker-supplied XML to expand file:// entities such as local files. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-48747 2026-07-16 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hash_hmac(), allowing a signature algorithm downgrade instead of enforcing Mailomat's documented SHA-256 webhook signature. This issue is fixed in versions 7.4.13 and 8.0.13.
CVE-2026-47476 1 Nvidia 1 Triton Inference Server 2026-07-16 7.5 High
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-48001 2026-07-16 3.7 Low
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
CVE-2026-47480 1 Nvidia 1 Triton Inference Server 2026-07-16 7.5 High
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service.