Search

Search Results (366043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-59200 1 Python-pillow 1 Pillow 2026-07-14 7.5 High
Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size, allowing a crafted FlateDecode PDF stream to exhaust memory from a small file. This issue is fixed in version 12.3.0.
CVE-2026-59197 1 Python-pillow 1 Pillow 2026-07-14 8.2 High
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0.
CVE-2026-59886 1 Pyasn1 1 Pyasn1 2026-07-14 7.5 High
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float conversion through prettyPrint(), str(), comparison, arithmetic, int(), or an explicit float() call to consume excessive CPU and memory and hang applications that decode untrusted ASN.1 data and then print, log, or compare decoded objects. This issue is fixed in version 0.6.4.
CVE-2026-4017 2026-07-14 7.4 High
Buffer Overflow in the entry handler of the TraceEvent() system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
CVE-2026-62642 1 Roundcube 1 Webmail 2026-07-14 4.3 Medium
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
CVE-2026-58529 1 Microsoft 1 Windows 11 26h1 2026-07-14 7.1 High
Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.
CVE-2026-55121 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-14 5.5 Medium
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56181 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 8.3 High
Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2026-58638 1 Microsoft 12 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 9 more 2026-07-14 6 Medium
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-58637 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7 High
Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2026-58634 1 Microsoft 1 Windows 11 26h1 2026-07-14 7.8 High
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-58633 1 Microsoft 1 Windows 11 26h1 2026-07-14 7.8 High
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-58632 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7.8 High
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-58629 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more 2026-07-14 7 High
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-58628 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.
CVE-2026-58627 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-14 7.5 High
Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2026-58626 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-14 8.8 High
Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.
CVE-2026-58619 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7 High
Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-58617 1 Microsoft 1 365 Copilot Ios 2026-07-14 8.1 High
Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-58613 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7.8 High
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.