Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,590
Quick preset (or use dates below)
Clear Filters
Showing 9,841 - 9,860 of 13,923 CVEs
CVE-2026-23673 HIGH - 7.8

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23672 HIGH - 7.8

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23671 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23669 HIGH - 8.8

Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23668 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23667 HIGH - 7.0

Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Mar 10, 2026
Source: NVD
CVE-2026-23665 HIGH - 7.8

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

Published: Mar 10, 2026
Source: NVD
CVE-2026-23664 HIGH - 7.5

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: azure_iot_explorer
Published: Mar 10, 2026
Source: NVD
CVE-2026-23662 HIGH - 7.5

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: azure_iot_explorer
Published: Mar 10, 2026
Source: NVD
CVE-2026-23661 HIGH - 7.5

Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: azure_iot_explorer
Published: Mar 10, 2026
Source: NVD
CVE-2026-23660 HIGH - 7.8

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

Published: Mar 10, 2026
Source: NVD
CVE-2026-23654 HIGH - 8.8

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: zero-shot-scfoundation
Published: Mar 10, 2026
Source: NVD
CVE-2026-22627 HIGH - 8.8

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP...

Vendor: Fortinet
Product: FortiSwitchAXFixed
Published: Mar 10, 2026
Source: NVD
CVE-2026-22572 HIGH - 7.2

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiAnalyzer Cloud 7.6.0 through 7.6.3, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2.2 ...

Vendor: Fortinet
Product: FortiManager Cloud, FortiManager, FortiAnalyzer Cloud, FortiAnalyzer
Published: Mar 10, 2026
Source: NVD
CVE-2026-21262 HIGH - 8.8

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: sql_server_2016
Published: Mar 10, 2026
Source: NVD
CVE-2026-20967 HIGH - 8.8

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: system_center_operations_manager
Published: Mar 10, 2026
Source: NVD
CVE-2026-1261 HIGH - 7.2

The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

Published: Mar 10, 2026
Source: NVD
CVE-2025-68648 HIGH - 7.2

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer...

Vendor: Fortinet
Product: FortiManager Cloud, FortiAnalyzer, FortiManager, FortiAnalyzer Cloud
Published: Mar 10, 2026
Source: NVD
CVE-2025-66178 HIGH - 7.2

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authen...

Vendor: Fortinet
Product: FortiWeb
Published: Mar 10, 2026
Source: NVD
CVE-2025-56421 HIGH - 7.5

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database.

Vendor: composer
Product: limesurvey/limesurvey
Published: Mar 10, 2026
Source: NVD