Total CVEs

132,015

Critical Severity

2,817

High Severity

10,081

Last 7 Days

1,555
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,161 - 3,180 of 28,420 CVEs
CVE-2026-42831 HIGH - 7.8

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: office
Published: May 12, 2026
Source: NVD
CVE-2026-42830 MEDIUM - 6.5

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: azure_monitor_agent
Published: May 12, 2026
Source: NVD
CVE-2026-42825 HIGH - 7.0

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-42823 CRITICAL - 9.9

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: azure_logic_apps
Published: May 12, 2026
Source: NVD
CVE-2026-42177 MEDIUM - 5.3

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome...

Vendor: siemens
Product: linux-entra-sso
Published: May 12, 2026
Source: NVD
CVE-2026-42141 HIGH - 7.7

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fro...

Vendor: xibosignage
Product: xibo-cms
Published: May 12, 2026
Source: NVD
CVE-2026-41614 MEDIUM - 6.2

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

Vendor: microsoft
Product: 365_copilot
Published: May 12, 2026
Source: NVD
CVE-2026-41613 HIGH - 8.8

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41612 MEDIUM - 5.5

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: live_preview
Published: May 12, 2026
Source: NVD
CVE-2026-41611 HIGH - 7.8

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41610 MEDIUM - 6.3

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.

Vendor: horilla
Product: horilla-hr
Published: May 12, 2026
Source: NVD
CVE-2026-41109 HIGH - 8.8

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41107 HIGH - 7.4

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: edge_chromium
Published: May 12, 2026
Source: NVD
CVE-2026-41103 CRITICAL - 9.1

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: confluence_saml_sso
Published: May 12, 2026
Source: NVD
CVE-2026-41102 HIGH - 7.1

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Vendor: microsoft
Product: powerpoint
Published: May 12, 2026
Source: NVD
CVE-2026-41101 HIGH - 7.1

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Vendor: microsoft
Product: word
Published: May 12, 2026
Source: NVD
CVE-2026-41100 MEDIUM - 4.4

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Vendor: microsoft
Product: 365_copilot
Published: May 12, 2026
Source: NVD
CVE-2026-41097 MEDIUM - 6.7

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-41096 CRITICAL - 9.8

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_11_23h2
Published: May 12, 2026
Source: NVD