Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,916
Quick preset (or use dates below)
Clear Filters
Showing 10,021 - 10,040 of 14,108 CVEs
CVE-2026-24285 HIGH - 7.0

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: office
Published: Mar 10, 2026
Source: NVD
CVE-2026-24283 HIGH - 8.8

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_11_24h2
Published: Mar 10, 2026
Source: NVD
CVE-2026-24018 HIGH - 7.8

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

Vendor: Fortinet
Product: FortiClientLinux
Published: Mar 10, 2026
Source: NVD
CVE-2026-24017 HIGH - 8.1

An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass...

Vendor: Fortinet
Product: FortiWeb
Published: Mar 10, 2026
Source: NVD
CVE-2026-23674 HIGH - 7.5

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23673 HIGH - 7.8

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23672 HIGH - 7.8

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23671 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23669 HIGH - 8.8

Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23668 HIGH - 7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Mar 10, 2026
Source: NVD
CVE-2026-23667 HIGH - 7.0

Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1809
Published: Mar 10, 2026
Source: NVD
CVE-2026-23665 HIGH - 7.8

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

Published: Mar 10, 2026
Source: NVD
CVE-2026-23664 HIGH - 7.5

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: azure_iot_explorer
Published: Mar 10, 2026
Source: NVD
CVE-2026-23662 HIGH - 7.5

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: azure_iot_explorer
Published: Mar 10, 2026
Source: NVD
CVE-2026-23661 HIGH - 7.5

Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: azure_iot_explorer
Published: Mar 10, 2026
Source: NVD
CVE-2026-23660 HIGH - 7.8

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

Published: Mar 10, 2026
Source: NVD
CVE-2026-23654 HIGH - 8.8

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: zero-shot-scfoundation
Published: Mar 10, 2026
Source: NVD
CVE-2026-22627 HIGH - 8.8

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP...

Vendor: Fortinet
Product: FortiSwitchAXFixed
Published: Mar 10, 2026
Source: NVD
CVE-2026-22572 HIGH - 7.2

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiAnalyzer Cloud 7.6.0 through 7.6.3, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2.2 ...

Vendor: Fortinet
Product: FortiManager Cloud, FortiManager, FortiAnalyzer Cloud, FortiAnalyzer
Published: Mar 10, 2026
Source: NVD
CVE-2026-21262 HIGH - 8.8

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: sql_server_2016
Published: Mar 10, 2026
Source: NVD