Search

Expected end of text, found '.' (at char 20), (line:1, col:21)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (339569 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-23651 1 Microsoft 2 Aci Confidential Containers, Microsoft Aci Confidential Containers 2026-03-23 6.7 Medium
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-23674 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-03-23 7.5 High
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-26127 2 Microsoft, Redhat 4 .net, Bcl Memory, Bcl Memory and 1 more 2026-03-23 7.5 High
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-26134 1 Microsoft 1 Office 2026-03-23 7.8 High
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-26132 1 Microsoft 18 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 15 more 2026-03-23 7.8 High
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26131 1 Microsoft 1 .net 2026-03-23 7.8 High
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-26128 1 Microsoft 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more 2026-03-23 7.8 High
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
CVE-2026-26116 1 Microsoft 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more 2026-03-23 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-03-23 8.8 High
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26121 1 Microsoft 1 Azure Iot Explorer 2026-03-23 7.5 High
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-20967 1 Microsoft 4 System Center Operations Manager, System Center Operations Manager 2019, System Center Operations Manager 2022 and 1 more 2026-03-23 8.8 High
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-23656 1 Microsoft 2 Windows App, Windows App Client For Windows Desktop 2026-03-23 5.9 Medium
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26114 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-03-23 8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-26113 1 Microsoft 14 365 Apps, Microsoft 365 Apps For Enterprise, Office and 11 more 2026-03-23 8.4 High
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2024-10996 1 1000projects 1 Bookstore Management System 2026-03-23 7.3 High
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/process_category_edit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-26112 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-03-23 7.8 High
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26111 1 Microsoft 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more 2026-03-23 8 High
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2026-26105 1 Microsoft 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more 2026-03-23 8.1 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-25190 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-03-23 7.8 High
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-25189 1 Microsoft 8 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 5 more 2026-03-23 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.