Export limit exceeded: 345207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345207 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25965 | 1 Imagemagick | 1 Imagemagick | 2026-04-17 | 8.6 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default. | ||||
| CVE-2026-33119 | 1 Microsoft | 1 Edge | 2026-04-17 | 5.4 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-33118 | 1 Microsoft | 1 Edge Chromium | 2026-04-17 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2026-32214 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-17 | 5.5 Medium |
| Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-33115 | 1 Microsoft | 5 365 Apps, Office 2021, Office 2024 and 2 more | 2026-04-17 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-33114 | 1 Microsoft | 5 365 Apps, Office 2021, Office 2024 and 2 more | 2026-04-17 | 8.4 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-33103 | 1 Microsoft | 1 Dynamics 365 | 2026-04-17 | 5.5 Medium |
| Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-32203 | 1 Microsoft | 3 .net, Microsoft Visual Studio 2022, Visual Studio 2022 | 2026-04-17 | 7.5 High |
| Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26171 | 1 Microsoft | 1 .net | 2026-04-17 | 7.5 High |
| Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-32201 | 1 Microsoft | 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more | 2026-04-17 | 6.5 Medium |
| Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-32200 | 1 Microsoft | 6 365 Apps, Microsoft 365 Apps For Enterprise, Office 2019 and 3 more | 2026-04-17 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32199 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-17 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32198 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-17 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32197 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-17 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32196 | 1 Microsoft | 1 Windows Admin Center | 2026-04-17 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-32190 | 1 Microsoft | 7 365 Apps, Office 2016, Office 2019 and 4 more | 2026-04-17 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32176 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-04-17 | 6.7 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32171 | 1 Microsoft | 1 Azure Logic Apps | 2026-04-17 | 8.8 High |
| Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32164 | 1 Microsoft | 24 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 21 more | 2026-04-17 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32163 | 1 Microsoft | 21 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 18 more | 2026-04-17 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||||