Search

Search Results (366372 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50328 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-15 7.5 High
Uncaught exception in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
CVE-2026-50360 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-15 8.8 High
Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-50343 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Improper privilege management in Microsoft Install Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50430 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-11802 2026-07-15 5.3 Medium
The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration() function, accessible via the wp_ajax_nopriv_registration_action AJAX action, lacks any nonce verification or capability check, and does not check the WordPress users_can_register option before calling wp_insert_user(). This makes it possible for unauthenticated attackers to create new user accounts with the 'customer' role and receive authentication cookies, even when the site administrator has explicitly disabled user registration.
CVE-2026-50335 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
CVE-2026-50317 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-15 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
CVE-2026-41087 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2025-13968 2 Starboardsuite, Wordpress 2 Starboard Suite Reservation Calendars, Wordpress 2026-07-15 6.4 Medium
The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-57831 2026-07-15 N/A
The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection.
CVE-2026-50418 1 Microsoft 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more 2026-07-15 5.1 Medium
Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-50387 1 Microsoft 17 Office, Office 365, Office Macos 2021 and 14 more 2026-07-15 7.8 High
Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.
CVE-2026-50352 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2026-50302 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-15 4.2 Medium
Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50419 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 3.3 Low
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50321 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50425 1 Microsoft 6 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 3 more 2026-07-15 7.8 High
Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally.
CVE-2026-50456 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-21039 1 Samsung 1 Mobile Devices 2026-07-15 N/A
Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings.
CVE-2026-21042 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-15 N/A
Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.