Search

Search Results (364271 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47636 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-08 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47635 1 Microsoft 1 Office 2024 2026-07-08 8.4 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45645 1 Microsoft 8 365 Apps, Office 2016, Office 2019 and 5 more 2026-07-08 7.8 High
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45641 1 Microsoft 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more 2026-07-08 8.4 High
Access of resource using incompatible type ('type confusion') in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45503 1 Microsoft 9 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 6 more 2026-07-08 8.1 High
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVE-2026-45501 1 Microsoft 9 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 6 more 2026-07-08 6.5 Medium
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.
CVE-2026-45461 1 Microsoft 9 365 Apps, Office, Office 2016 and 6 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45460 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-07-08 4.7 Medium
Buffer over-read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45458 1 Microsoft 13 365 Apps, Microsoft 365, Office 2019 and 10 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45453 1 Microsoft 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more 2026-07-08 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-44823 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-08 7.8 High
Numeric truncation error in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44820 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-07-08 7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44818 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-07-08 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44817 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-07-08 7.8 High
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-45486 1 Microsoft 7 365 Apps, Microsoft 365, Office 2021 and 4 more 2026-07-08 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45474 1 Microsoft 10 365 Apps, Office, Office 2016 and 7 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45472 1 Microsoft 11 365 Apps, Microsoft 365 Apps For Enterprise, Office and 8 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-15134 1 Codeastro 1 Simple Online Leave Management System 2026-07-08 7.3 High
A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-35211 1 Opencti-platform 1 Opencti 2026-07-08 6.5 Medium
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied Elasticsearch Painless script values directly into search queries without validation or sanitization, allowing computationally expensive scripts to consume cluster CPU resources and degrade or deny service for all users. This issue is fixed in version 7.260401.0.
CVE-2026-14891 1 Hashicorp 2 Nomad, Nomad Enterprise 2026-07-08 8.7 High
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE-2026-14891, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14.