Search Results (344763 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26183 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more | 2026-04-15 | 7.8 High |
| Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32167 | 1 Microsoft | 10 Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (gdr), Microsoft Sql Server 2019 (gdr) and 7 more | 2026-04-15 | 6.7 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32168 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-04-15 | 7.8 High |
| Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32188 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-32192 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2026-04-15 | 7.8 High |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33095 | 1 Microsoft | 5 365 Apps, Office 2021, Office 2024 and 2 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-33120 | 1 Microsoft | 1 Sql Server 2022 | 2026-04-15 | 8.8 High |
| Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-33822 | 1 Microsoft | 3 365 Apps, Office Macos 2021, Office Macos 2024 | 2026-04-15 | 6.1 Medium |
| Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-33826 | 1 Microsoft | 12 Windows Server 2012 R2, Windows Server 2012 R2, Windows Server 2012 R2 (server Core Installation) and 9 more | 2026-04-15 | 8 High |
| Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | ||||
| CVE-2026-27912 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more | 2026-04-15 | 8 High |
| Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2026-27913 | 1 Microsoft | 12 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 9 more | 2026-04-15 | 7.7 High |
| Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-32080 | 1 Microsoft | 9 Windows Server 2016, Windows Server 2016 (server Core Installation), Windows Server 2019 and 6 more | 2026-04-15 | 7 High |
| Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32171 | 1 Microsoft | 1 Azure Logic Apps | 2026-04-15 | 8.8 High |
| Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32176 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-04-15 | 6.7 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32190 | 1 Microsoft | 7 365 Apps, Office 2016, Office 2019 and 4 more | 2026-04-15 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32196 | 1 Microsoft | 1 Windows Admin Center | 2026-04-15 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-32197 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32198 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32199 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-39399 | 1 Nuget | 1 Nugetgallery | 2026-04-15 | 9.6 Critical |
| NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that may result in remote code execution (RCE) and/or arbitrary blob writes due to insufficient input validation. The issue is exploitable via URI fragment injection using unsanitized package identifiers, allowing an attacker to control the resolved blob path. This enables writes to arbitrary blobs within the storage container, not limited to .nupkg files, resulting in potential tampering of existing content. This issue has been patched in commit 0e80f87628349207cdcaf55358491f8a6f1ca276. | ||||