Export limit exceeded: 345464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345464 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26179 | 1 Microsoft | 13 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 10 more | 2026-04-20 | 7.8 High |
| Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26175 | 1 Microsoft | 24 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 21 more | 2026-04-20 | 4.6 Medium |
| Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2026-26174 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26167 | 1 Microsoft | 24 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 21 more | 2026-04-20 | 8.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26166 | 1 Microsoft | 14 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 11 more | 2026-04-20 | 7 High |
| Double free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26165 | 1 Microsoft | 14 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 11 more | 2026-04-20 | 7 High |
| Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26162 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-20 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26161 | 1 Microsoft | 21 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 18 more | 2026-04-20 | 7.8 High |
| Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26160 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-20 | 7.8 High |
| Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26155 | 1 Microsoft | 24 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 21 more | 2026-04-20 | 6.5 Medium |
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||||
| CVE-2026-26154 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more | 2026-04-20 | 7.5 High |
| Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2026-26151 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-20 | 7.1 High |
| Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-23670 | 1 Microsoft | 24 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 21 more | 2026-04-20 | 5.7 Medium |
| Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-20945 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-04-20 | 4.6 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-25184 | 1 Microsoft | 13 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 10 more | 2026-04-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23653 | 1 Microsoft | 1 Visual Studio Code Copilot Chat Extension | 2026-04-20 | 5.7 Medium |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-20930 | 1 Microsoft | 19 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 16 more | 2026-04-20 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33631 | 1 Craigjbass | 1 Clearancekit | 2026-04-20 | 8.7 High |
| ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ES_EVENT_TYPE_AUTH_OPEN events. Seven additional file operation event types were not intercepted, allowing any locally running process to bypass the configured FAA policy without triggering a denial. Commit a3d1733 adds subscriptions for all seven event types and routes them through the existing FAA policy evaluator. AUTH_RENAME and AUTH_UNLINK additionally preserve XProtect change detection: events on the XProtect path are allowed and trigger the existing onXProtectChanged callback rather than being evaluated against user policy. All versions on the 4.2 branch contain the fix. No known workarounds are available. | ||||
| CVE-2026-33340 | 2 Lollms, Parisneo | 2 Lollms Web Ui, Lollms-webui | 2026-04-20 | 9.1 Critical |
| LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of `lollms-webui`. The `@router.post("/api/proxy")` endpoint allows unauthenticated attackers to force the server into making arbitrary GET requests. This can be exploited to access internal services, scan local networks, or exfiltrate sensitive cloud metadata (e.g., AWS/GCP IAM tokens). As of time of publication, no known patched versions are available. | ||||
| CVE-2026-33849 | 1 Linkingvision | 1 Rapidvms | 2026-04-20 | 8.8 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | ||||