Export limit exceeded: 350802 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350802 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350802 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40699 | 2026-05-13 | 6.5 Medium | ||
| A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-34019 | 2026-05-13 | 5.3 Medium | ||
| When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-40462 | 2026-05-13 | 6.5 Medium | ||
| Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-28758 | 2026-05-13 | 4.4 Medium | ||
| When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to the audit log to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2026-41954 | 2026-05-13 | 4.9 Medium | ||
| Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-40435 | 2026-05-13 | 5.3 Medium | ||
| When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-43892 | 1 Antsword Project | 1 Antsword | 2026-05-13 | 8.8 High |
| AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16. | ||||
| CVE-2026-37430 | 2026-05-13 | N/A | ||
| An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2026-42833 | 1 Microsoft | 1 Dynamics 365 | 2026-05-13 | 9.1 Critical |
| Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-40416 | 1 Microsoft | 1 Edge Chromium | 2026-05-13 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-40413 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.4 High |
| Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | ||||
| CVE-2026-40397 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.8 High |
| Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40382 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 7.8 High |
| Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40369 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-05-13 | 7.8 High |
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42896 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-05-13 | 7.8 High |
| Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41096 | 1 Microsoft | 14 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 11 more | 2026-05-13 | 9.8 Critical |
| Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41094 | 1 Microsoft | 2 Data Formulator, Data Formulator | 2026-05-13 | 8.8 High |
| Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41089 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more | 2026-05-13 | 9.8 Critical |
| Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-40380 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 6.2 Medium |
| Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | ||||
| CVE-2026-40364 | 1 Microsoft | 7 365 Apps, Office 2019, Office 2021 and 4 more | 2026-05-13 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||