Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,598
Quick preset (or use dates below)
Clear Filters
Showing 9,781 - 9,800 of 13,923 CVEs
CVE-2026-26148 HIGH - 8.1

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

Vendor: microsoft
Product: azure_ad_ssh_login_extension_for_linux
Published: Mar 10, 2026
Source: NVD
CVE-2026-26144 HIGH - 7.5

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: 365_apps
Published: Mar 10, 2026
Source: NVD
CVE-2026-26141 HIGH - 7.8

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: azure_automation_hybrid_worker_windows_extension
Published: Mar 10, 2026
Source: NVD
CVE-2026-26134 HIGH - 7.8

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: office
Published: Mar 10, 2026
Source: NVD
CVE-2026-26132 HIGH - 7.8

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Published: Mar 10, 2026
Source: NVD
CVE-2026-26131 HIGH - 7.8

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

Vendor: nuget
Product: Microsoft.NetCore.App.Runtime.linux-arm
Published: Mar 10, 2026
Source: NVD
CVE-2026-26130 HIGH - 7.5

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Vendor: nuget
Product: Microsoft.AspNetCore.App.Runtime.linux-arm
Published: Mar 10, 2026
Source: NVD
CVE-2026-26128 HIGH - 7.8

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

Published: Mar 10, 2026
Source: NVD
CVE-2026-26127 HIGH - 7.5

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

Vendor: nuget
Product: Microsoft.Bcl.Memory
Published: Mar 10, 2026
Source: NVD
CVE-2026-26121 HIGH - 7.5

Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: azure_iot_explorer
Published: Mar 10, 2026
Source: NVD
CVE-2026-26118 HIGH - 8.8

Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network

Vendor: nuget
Product: Azure.Mcp
Published: Mar 10, 2026
Source: NVD
CVE-2026-26117 HIGH - 7.8

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: arc_enabled_servers_azure_connected_machine_agent
Published: Mar 10, 2026
Source: NVD
CVE-2026-26116 HIGH - 8.8

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: sql_server_2016
Published: Mar 10, 2026
Source: NVD
CVE-2026-26115 HIGH - 8.8

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: sql_server_2016
Published: Mar 10, 2026
Source: NVD
CVE-2026-26114 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: Mar 10, 2026
Source: NVD
CVE-2026-26113 HIGH - 8.4

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Mar 10, 2026
Source: NVD
CVE-2026-26112 HIGH - 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Mar 10, 2026
Source: NVD
CVE-2026-26111 HIGH - 8.8

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_server_2012
Published: Mar 10, 2026
Source: NVD
CVE-2026-26110 HIGH - 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Mar 10, 2026
Source: NVD
CVE-2026-26109 HIGH - 8.4

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Vendor: microsoft
Product: 365_apps
Published: Mar 10, 2026
Source: NVD