Total CVEs

131,504

Critical Severity

2,798

High Severity

10,012

Last 7 Days

1,131
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 2,641 - 2,660 of 27,909 CVEs
CVE-2026-43892 HIGH - 8.8

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.

Vendor: AntSwordProject
Product: antSword
Published: May 12, 2026
Source: NVD
CVE-2026-42899 HIGH - 7.5

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Vendor: microsoft
Product: .net
Published: May 12, 2026
Source: NVD
CVE-2026-42898 CRITICAL - 9.9

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: dynamics_365
Published: May 12, 2026
Source: NVD
CVE-2026-42896 HIGH - 7.8

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: May 12, 2026
Source: NVD
CVE-2026-42893 HIGH - 7.4

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

Vendor: microsoft
Product: outlook
Published: May 12, 2026
Source: NVD
CVE-2026-42891 MEDIUM - 6.5

User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge_chromium
Published: May 12, 2026
Source: NVD
CVE-2026-42838 MEDIUM - 5.4

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: edge_chromium
Published: May 12, 2026
Source: NVD
CVE-2026-42833 CRITICAL - 9.1

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: dynamics_365
Published: May 12, 2026
Source: NVD
CVE-2026-42832 HIGH - 7.7

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Vendor: microsoft
Product: excel
Published: May 12, 2026
Source: NVD
CVE-2026-42831 HIGH - 7.8

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: office
Published: May 12, 2026
Source: NVD
CVE-2026-42830 MEDIUM - 6.5

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: azure_monitor_agent
Published: May 12, 2026
Source: NVD
CVE-2026-42825 HIGH - 7.0

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-42823 CRITICAL - 9.9

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: azure_logic_apps
Published: May 12, 2026
Source: NVD
CVE-2026-42177 MEDIUM - 5.3

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome...

Vendor: siemens
Product: linux-entra-sso
Published: May 12, 2026
Source: NVD
CVE-2026-42141 HIGH - 7.7

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fro...

Vendor: xibosignage
Product: xibo-cms
Published: May 12, 2026
Source: NVD
CVE-2026-41614 MEDIUM - 6.2

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

Vendor: microsoft
Product: 365_copilot
Published: May 12, 2026
Source: NVD
CVE-2026-41613 HIGH - 8.8

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41612 MEDIUM - 5.5

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: live_preview
Published: May 12, 2026
Source: NVD
CVE-2026-41611 HIGH - 7.8

Improper neutralization of script-related HTML tags in a web page (basic XSS) in Visual Studio Code allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41610 MEDIUM - 6.3

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD