Total CVEs

138,502

Critical Severity

3,573

High Severity

12,821

Last 7 Days

2,015
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,781 - 3,800 of 12,518 CVEs
CVE-2026-42141 HIGH - 7.7

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fro...

Vendor: xibosignage
Product: xibo-cms
Published: May 12, 2026
Source: NVD
CVE-2026-41613 HIGH - 8.8

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41611 HIGH - 7.8

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41109 HIGH - 8.8

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: visual_studio_code
Published: May 12, 2026
Source: NVD
CVE-2026-41107 HIGH - 7.4

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: edge_chromium
Published: May 12, 2026
Source: NVD
CVE-2026-41102 HIGH - 7.1

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Vendor: microsoft
Product: powerpoint
Published: May 12, 2026
Source: NVD
CVE-2026-41101 HIGH - 7.1

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Vendor: microsoft
Product: word
Published: May 12, 2026
Source: NVD
CVE-2026-41095 HIGH - 7.8

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_server_2012
Published: May 12, 2026
Source: NVD
CVE-2026-41094 HIGH - 8.8

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: data_formulator
Published: May 12, 2026
Source: NVD
CVE-2026-41088 HIGH - 7.8

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_21h2
Published: May 12, 2026
Source: NVD
CVE-2026-41086 HIGH - 8.8

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: windows_admin_center
Published: May 12, 2026
Source: NVD
CVE-2026-40420 HIGH - 8.8

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40419 HIGH - 7.8

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40418 HIGH - 7.8

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: 365_apps
Published: May 12, 2026
Source: NVD
CVE-2026-40417 HIGH - 7.8

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

Published: May 12, 2026
Source: NVD
CVE-2026-40415 HIGH - 8.1

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1809
Published: May 12, 2026
Source: NVD
CVE-2026-40414 HIGH - 7.4

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40413 HIGH - 7.4

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40410 HIGH - 7.0

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD
CVE-2026-40408 HIGH - 7.8

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: May 12, 2026
Source: NVD